{"report_id":"0ee6ba2d-e87f-42e3-b1ab-46292309d0c4","version":6,"status":"done","tags":["bet365","gambling","phishing"],"date":"2026-03-03T22:32:09Z","url":{"schema":"https","addr":"bb641000.com","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.200.238","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"title":"...","dom":{"size":781509,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (10772)","md5":"e4200d57df1cbc58aebb877490f54227","sha1":"d77533d16656d3c094cef89e5676e8f196e2398e","sha256":"7069892d19260ab7cd23f1409f3d622156217b255faf0e33c71b97d04e31d806","sha512":"da8d057797c13beef5a1c13d95cb7d1888a164872bc2abe3baad1f8bdc403dacecfb979076bfc566d0f0ab1702c8d45fe10294d08b1de1e8c4ee1b1079d80837","ssdeep":"6144:cYhhdmdbdJWaG0vsDQMF71O0+uJaNLhxGt5oTrrQoc:edbdJtG0vsx71ORzGkrQoc","tlshash":"48f43c1332e5121a56b370ba4e6d378425399a87ff01cd64bc9e15d8efc1e9232e3b94","dom_hash":"domhash8a09668b16361180d932e4144989918a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"bb641000.com","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.200.238","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T22:32:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]},"summary":[{"fqdn":"bb641000.com","ip":{"addr":"20.255.104.129","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-08-07","domain_rank":0,"first_seen":"2026-03-03T22:32:11.32179Z","last_seen":"2026-03-03T22:32:11.32179Z","alert_count":14,"request_count":13,"received_data":1504738,"sent_data":7214,"comment":"","tags":null,"fingerprints":[{"name":"Moment.js","description":"Moment.js is a free and open-source JavaScript library that removes the need to use the native JavaScript Date object directly.","website":"https://momentjs.com","common_platform_enumeration":"cpe:2.3:a:momentjs:moment:*:*:*:*:*:*:*:*","icon":"Moment.js.svg","categories":["JavaScript libraries"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"pk7k4q.pham.xin","ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2022-10-09","domain_rank":0,"first_seen":"2026-02-11T00:13:03.978455Z","last_seen":"2026-02-27T06:46:25.689176Z","alert_count":35,"request_count":53,"received_data":2140994,"sent_data":26137,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/CometMarathon.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"466a7ed7d00986d45375c0cbffb5233c","sha1":"68845ead668e9abd29c24b491dbf97b219226c08","sha256":"7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123","sha512":"752801557c12ee7830f1f2e55352ab9c033aff01ff79abdffaee1601c54cdfc85a2041facfc5a7e180706812be5ad08668eada116544197fd2a784bac1903ea0","ssdeep":"192:0Pf+0Sn4NyRSTTPhvygOdWuTdC3d7QPXLHOm8cSCl1Ej3m7YAPzhsoqFncJ0j:0Pf+fnwfcXSaGLj","tlshash":"9e32314b6cf75085592b32b50f9f24447239d8572605e81c7dccaae48f98b6c0b6bfb8","size":11905,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.324795Z","times_seen":17453,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/moment.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"36c8f828395a9395549bd6e7307cb7e9","sha1":"f30a4961558e2d3d4405e7d93aa28fdb63245e78","sha256":"5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33","sha512":"40c24a9011e1bbdd98bd95b341c400bdaf48fefd953fcb407368fe3c685ac09196b55e230c03ca9890c35fe9acef2c916bed52423dc1a7b532a1db9817c03a8e","ssdeep":"1536:qOL1yBkBeb9wNoHpH7tjl2Ulwjwaj2BH3fMobEKeYEoZYiMirUw0:qOCWeH70R2BkobE+cw0","tlshash":"aeb35f5a59e31023496362294fdf2011ba388123590dee487d8da3d49f9ed7c47bafec","size":117433,"data":"","first_seen":"2023-07-29T10:21:40Z","last_seen":"2026-06-08T03:51:22.348552Z","times_seen":17488,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9846b4b0c961f85e4c150bd29f4b86e1","sha1":"adf30369fc215e80b26536f1e24a1824ad3b81d5","sha256":"163a003d567f6d41f861d978c558eced69ed2b25c863055ed8171eefa350784b","sha512":"cf37c88b0608cef82c3627c952577e291343b8f63323da2dd77b34ab0500d5494bf377f85e968cb058124ff32345f184aeea9447eda67d9e887d688e2e5c81de","ssdeep":"","tlshash":"1c80000a8c0088cfac038e00803c00a23acc202a0022c2202a00a803aa00032023a0f2","size":29,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-07T07:30:11.574937Z","times_seen":9745,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/Comet.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1008fe6a5e1a182d7775963b85405bb2","sha1":"e174a7b08cc3cb5545af1cd33d2814e604119392","sha256":"7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20","sha512":"26e07821ee1e8e94c4bada028e049df7572cac06f2e8dae958baa7a011eb201a6a1d4ed0cfa15017a3f52a0cb949343de0b33ca6da7c245f763c86d5adfb0223","ssdeep":"192:4Pf+aTbLSru4NyRs8VDv1KygOdWuTyVC3d7QPXLHOm8cSCl1Ej7bY8l7YJIJvO5N:4Pf+aTbe4M2cXzsjDUfj","tlshash":"ab721e4a2cf76086552732b90f5f64543235a8172605e91c7dcca6e08f98b7c1babff8","size":17162,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.494719Z","times_seen":17452,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37f0336a6fe3f56c661b149ecf659efe","sha1":"9aff4163d5da3b8d760f0593c583dd8d1f6dfc14","sha256":"f33f7afadc5c318efdd57d35da2dc2aebe39fd166a61905ce37b9f7363f51c2f","sha512":"d24a42f5f1834957e5616b5f61d52db98c3351e5ab3346f1fee8e7ca6ba62dc7c51f4ae645a8dd403194e2df3f8d2ea2c3b34d371a67dde201979552033cbace","ssdeep":"","tlshash":"279004510f71113ddc305157055c13747050c13ddc1ffcd43413d57c04741300011401","size":48,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-07T07:30:11.575592Z","times_seen":16886,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/gui-base.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6ce47d880d7a50ddf91b074c8572edf","sha1":"6a3657c67209136e5b544859daecf16f2d153b72","sha256":"c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734","sha512":"0946a1cb9d048b485dadf4056a4aa7be685a8906240a828a5ac776a4e1eae2ed5ef238bd0724da41cce33324357ba44704d34a6766430f1552630f9a17b664f4","ssdeep":"768:+lkflKVlvREcS38xHmuqrRO/5IS3oFaJX+mQdudqD9jAXImsUh8H3yALdODRG4eK:6ClKVlvREcYoHz0PszIfoALkMEY16pB","tlshash":"4353c80a72b130a106efb1b6515f460d323a6927d44ac458b97c9ae43f74f28316bf7e","size":60909,"data":"","first_seen":"2023-08-26T00:19:56Z","last_seen":"2026-06-08T03:51:22.34618Z","times_seen":16698,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9750d9e7084d16026fc64f53c96baf76","sha1":"bbd915c01d7ccaaf23f8a075ee3bbc7fcdfbcca5","sha256":"79e55f8e77723d9154f74c2e94cb91b6557c9f949a3e95fb33c09f7a4146fd2f","sha512":"13486fe10fdd613d2e4583e4493f8aa09c703ad21d1c35664d6a9f7d47fbdd5acf73214dfed66a624108156cebff2114ee594f13345a4366fb4c0d8c69416e65","ssdeep":"48:9iSbBeaiKWikXIJiXZi3WWiDoi+yhivWiF/iKGikXs9iX+i3vWiDYi+fhivtikXD:39Db2kTQDm923fU23Q23O23R23Q2fO","tlshash":"9be1a3b12896b0e34314807c59be3b050e6e4f56791960e5b2bf13c8abf4e8f5963dd8","size":7225,"data":"","first_seen":"2024-07-04T06:53:07Z","last_seen":"2026-05-31T23:24:43.722211Z","times_seen":256,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a2dfe7db95be9792922530c88ef88da4","sha1":"fc992fc77fdfa4abe3570569fbdc53a1c5714c0c","sha256":"d05ab645a69476e9a8ba932b58907e3d8f103bf23aedafbe3e76b27f4a22358a","sha512":"99065782830b3e3f013910fd9aa795fd6b341e7892eaec200ad05305920552798f2446dad45dd254de8185095f36af246cee24052b58f05eb17dee20d59b5abe","ssdeep":"","tlshash":"7f210e524f048a9b77cdc7195060241c6ccca06fbc94b988f6ce9ba70f5ea9e56fd083","size":1279,"data":"","first_seen":"2025-10-03T11:28:12.468736Z","last_seen":"2026-03-15T12:05:04.391268Z","times_seen":1669,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/commonPage/lan/i18n.js?t=1772577107.22","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b4aa30de4cd6ddf77f605a51ff605b6","sha1":"c8bb1f3b03d5761eed3ea4f46ff5fecefc073a17","sha256":"cc4e7202f70eafff7b87180b00678d691be1ed192c7242e9b1de34f64131897b","sha512":"4db4f035228d5b451877534b35486af9993604b7620a1c7bb8d2daf277aef5166541a8c8be3d86c16b4dca1af28366c2ead71c739067f967096912f848bfe6f7","ssdeep":"","tlshash":"ed21fe68f6e065e32dae8aa3eda23f6f11754abd00973107537831ce017dba79c6c408","size":1310,"data":"","first_seen":"2026-03-03T22:32:15.042582Z","last_seen":"2026-03-03T22:32:15.042582Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery-1.11.3.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b091a47f6b91e26c93a848092c6f3788","sha1":"52918af2d431e73464060b35d364640c8db75606","sha256":"329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10","sha512":"ab444102be476f0104eeff79c9b596174852b4fe8cbd0b5a0279d56f106a166ec39304636e09326213de000b102ce8f517bb268a9abb2955c56ee4f18b464ea8","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmS:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"6893d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","size":95956,"data":"","first_seen":"2023-03-07T01:10:10Z","last_seen":"2026-06-07T07:30:11.536389Z","times_seen":18326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"147846706127a78f2cd127d7ff76998e","sha1":"cefc696c4283ffcb87139b5cd16e8ea6dfa6078c","sha256":"c39427d84627fb69795948e31b96eaa4c8dc5224ece54403e13d81d715392b19","sha512":"6954c479499a9b9ae8ab650025d54b4697d56ae3e4ebc3e0d0aab9055b5982cb8ec0f799985bd7fbcf84c94cca3cbd8d74f265bf4729cde3aea8ea58cf69aedb","ssdeep":"","tlshash":"cf0199218c7940d07d5113a0236f7b0cb522463b5dc1f244722e9b617fea8af029abde","size":704,"data":"","first_seen":"2026-02-28T05:46:49.229432Z","last_seen":"2026-05-05T00:00:21.170957Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/idangerous.swiper.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"f15409fb02c527ce1f66a2fd3c4aa0e9","sha1":"1e1e1bcc0f49e99e14ba34991cffe0745178d302","sha256":"1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27","sha512":"66a384d6ad5fba862e778e24c43326a718328b6f860469fb5eb69c2687b0bbdc3c2dfa9049b0e3d5509214db1dbec4477f5c3654dc04446a505379a4300d4908","ssdeep":"768:oTFZ8CkWyYzh9MTvl7prcAgQW5ppZ+rPPWRqKDyBuq0t:cZiY9uTJuAgQW5LZ+rPPWRLt","tlshash":"5613f8c1b32031a741f3626e91fecb4271f54966aa05d4dcb5ed84c41ab489a03beff9","size":45187,"data":"","first_seen":"2023-08-15T12:01:05Z","last_seen":"2026-06-07T07:30:11.533498Z","times_seen":17303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a2dfe7db95be9792922530c88ef88da4","sha1":"fc992fc77fdfa4abe3570569fbdc53a1c5714c0c","sha256":"d05ab645a69476e9a8ba932b58907e3d8f103bf23aedafbe3e76b27f4a22358a","sha512":"99065782830b3e3f013910fd9aa795fd6b341e7892eaec200ad05305920552798f2446dad45dd254de8185095f36af246cee24052b58f05eb17dee20d59b5abe","ssdeep":"","tlshash":"7f210e524f048a9b77cdc7195060241c6ccca06fbc94b988f6ce9ba70f5ea9e56fd083","size":1279,"data":"","first_seen":"2025-10-03T11:28:12.468736Z","last_seen":"2026-03-15T12:05:04.391268Z","times_seen":1669,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d650838a4ef14d94b4c8e6a18e291432","sha1":"070651ae4c71e81c0f67969fa127d295919d3827","sha256":"38f389675dedb96078e4f72478eadc8cb960385c4483ad4c177fc25473b8e23b","sha512":"fabb57636400bd4f2d0f2550aa1896b7a913ecd7fd2dd762af5bc2b6191521503bca7607a0ec7ee3494747117a0913d621f1660a636cbc3d0180ce04f42e0bbf","ssdeep":"384:2F05MtGUz1xrijAMr1uIzZdHMl3PEkdn69oz1R0f6Iem:2KytGUOjAMr1uIzLuF6e1A6Iem","tlshash":"acd241cc57b20c60e993b43be54b1e1c31285c979a8aa4bffd8c25708f84d6512e59fe","size":29844,"data":"","first_seen":"2026-03-03T22:32:15.06252Z","last_seen":"2026-03-14T12:18:18.017887Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab8b1bcffc72e505e0f37f693d6a87a5","sha1":"849c792d84445ff1cc946c4458255dce152a68da","sha256":"36e8c37b1055713547aa080372b86615e1f9858d3f632cb0f949e05247f8e607","sha512":"cb717ce8dccbd48d7b8ac79f8018ff327637fce9ef4441b832a9ba7af57cfae5e476170ec2490374e8026a0b6a6a265399d4ad2801ebdb37b7a0092d8f9331a3","ssdeep":"192:1BDi+KreB5FlJ7KRn8rVavN3nryOcCxiAcJGw/d2mi7yn:TTKCBRhKRn6YEDdV","tlshash":"ec42c8a821fe392301d371394f1e6a072532599bc396ad013e5e8b884fe977c46b36c7","size":12737,"data":"","first_seen":"2024-06-28T11:39:26Z","last_seen":"2026-06-07T07:30:11.579799Z","times_seen":12672,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"6681856885ee92601b7711c11d19553f","sha1":"95ab4437869df8c790cad28e0753a4c9ea362e73","sha256":"ce52fd46b2a5cfd741a2f0c39bc2d5218271b5690bdf8ec33af94f1062e98d23","sha512":"5f2a2fe1e899778e0687301ff306fd8c35b869c0675f726653be98393da31fedc388b4d3ed25d7075a0da69656458fc929bb00daf92e1381e19bb49764bea4b5","ssdeep":"192:dvbLsKRfG3Ncq2w30CowkzcDC/L04alCUM:d93d3","tlshash":"1722cb08f1bb1da540b3203c1faff082ae64564b9d89cd02bc4d59c45f09aede971f9a","size":10725,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.580464Z","times_seen":17284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/PopUp.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"07864ad2e2759d53f8f2f14dd4295bd9","sha1":"95144219e2eb702c4c4a707c3622b086876cf41c","sha256":"871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d","sha512":"f469d0f23c75e918d55e076d72481fca7043ac5eff9025aaac1f26860d080e4fc3c5d28f8f9ee1dae80719aca2b83f39ea82a129c221980bd7d63c212bacc119","ssdeep":"","tlshash":"9041ae54baf359a12c9b71f3aaaf30413160f2479505ed017d0cb9945f1d228b2cf7e9","size":2088,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.33842Z","times_seen":17520,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/message_zh_CN.js?v=1771834111856","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f122062201cd2cedac9761f4c46b2a3","sha1":"5bced4febcad095851dd9d0dc4438d8e96aa8715","sha256":"96e43037ced41b7e8dfe16f604a02f6093aa1b65e9f349ea697e486e29bcd814","sha512":"b9cfd2e598fe9a778bea162e5180ca88bf01d2c02cceaeb27304e827fd0814662733d0df3ed07e2f3d5d0c34fea3f0e25b277d75fdc1a4de20c41eb169d225c0","ssdeep":"384:vTrBmS53qEviCysRI/2aTvfyxtvgfG+S7MjRBQP1RODaP5YnRn21IRBGN9Jaqxk7:IIy92nyfB+vODR01IRBG3JpfsIU","tlshash":"38e23ba604bedffb581615d6d44700c921d96b895afc7928bed0ee1e1b863c604f3387","size":32151,"data":"","first_seen":"2026-01-15T08:15:21.591485Z","last_seen":"2026-06-08T10:38:12.609811Z","times_seen":6850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d15a9b513acdcf3e9b08901384511565","sha1":"f1fe72392137895e4952f835c0330f76aacfecdf","sha256":"9fa644edfd9af9be6b244016e8f4f0eaee414732edc6ba3641e8647253359995","sha512":"9bb3e57667fd095c42db5514ac18c9b41baf50b81ded3ff810486ce394e1034751a941fefdb4e0e09bb98613b5dfc0a842d37cd9802671928e5f49380b9eda29","ssdeep":"","tlshash":"b071013cf4fa2228282b6085779b2821a5915427144dfd0cbb1ff3389fe9d25ee566c7","size":3647,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.581264Z","times_seen":17277,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"cede9f5a46e9217858cca9ec5be51ba0","sha1":"5cba76c169f3d455f684159d098e631e9de88416","sha256":"ba35e4a0c0ba207a9c47208ecf3e0a4a2159264af05306b05c64dc718a94da78","sha512":"1c64ca8da54016e57aaa2ebca5c1bf1b4635dd2461f31c62682b662a7c3e3d1cbd105b3efdb293137990d67789fe52843c2769a0c9aeb394e4c001c2b7c52bd5","ssdeep":"384:5ijAMr1uI3+GhcqJmYcIyaFIy/BIyv3IyPlpK:gjAMr1uI3+GW5IXIaIqIYpK","tlshash":"6be2608c63b20c54ed933437e65b274cb0a85c57998ae8b8fd8d51604fc4d5922e2bef","size":32275,"data":"","first_seen":"2026-03-03T22:32:15.065373Z","last_seen":"2026-03-14T12:18:18.020985Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f5bce1aa50f72fd0834901c70db4f43","sha1":"41771079bee5eb45539e694a5eff580732ab26b0","sha256":"a50724b65a2657f6e67adbf98a3dd135de52b4786350f0b1bd142adff38c7ffd","sha512":"d1445eef1431e8e11779bb3aa9da243cfc04ea0abe4cb9a62b6b0f5940a9ea17ad7d0926a51925feb06ce2afc435ce9050c3955ce973407eebfa4dd1d0ca35af","ssdeep":"192:cyzyMkzf77qsBQXbhG1SUnqpT7H8DvswVAJ4jy7j3vU4P8eaoCrHoQcasI4kHwCW:mMkjq0TqEVAJ184P4DiQzR0KmgqQ2N","tlshash":"599210b876f701b24c667477875a2144e100f0ebb648ee087d4e56dc4fa8a34b3a6fd5","size":19701,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.582699Z","times_seen":17251,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"edaddb8132e9e0880252c5b6c47bf1c1","sha1":"dc08b5b6ca432b46cca94f1f297491e1b08736ea","sha256":"b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e","sha512":"00dbcc0a7b89e5e377bc26573fa3b9f1d09267044b3ee1c594e22522f8a17733bf041ebfa09ddb2e70a9f495437933f8a4e42875a16a3221067bf1df558c090b","ssdeep":"","tlshash":"da4000000000000000000000000000000000000300000000300000000f000000000000","size":6,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-07T07:30:11.58353Z","times_seen":20356,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f1681b5a72417b33c2869aab85af152","sha1":"b40a6d9c6d058c2bd6e126a1b0191182926b9d04","sha256":"eabdfd0c5237f406e0acbef879968e72e5e3d62dd8e8b6bcee48e5ab7f4d0154","sha512":"d9190153595e85b071dbf1c92212e7c30a5de2e1d6c4533558bb5f4235d6227c327751799ce20fa50a875a4ceb25227f4eb7d133c3257d8770c1131117d8bda4","ssdeep":"","tlshash":"1631d8d2f3cd01fd42099504248620d9b11dc2394219d48efa9d3c8e73d696e232f32f","size":1761,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.584253Z","times_seen":17228,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9c3f7d9e5de3b764c32a679ad06ae3db","sha1":"9ab260e36b46c6ca6f58066ee914f3826d86a37f","sha256":"fefe9a763127c0f92edfe95be1000aeed2eda7690482769c90dc9488dbe5d33a","sha512":"1517bde6929159474692270e256f6021611365d30618b57d1fd325e7170bc7540bac8500e1ccd438d2a3d5f3b6cf1456ba39560d5cbc685f4b56b4c2b4126ad3","ssdeep":"","tlshash":"0e51462618e8c076a31b639d0b9f1141b53c750bc3ac8d357d0d5b758fe451452dabdd","size":2561,"data":"","first_seen":"2023-11-23T15:36:17Z","last_seen":"2026-06-07T07:30:11.584941Z","times_seen":15235,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"525f21f50515ead4f047d9e1b03a50b4","sha1":"0568f65ce0ec5d94977ed8fda0f4dcb182a5f882","sha256":"37db399eb7310f79581ca7ad6f1a66dd8e4ca1e409b4c96f236e431de3b4ab30","sha512":"7b0f752e20b6b553dfa8559f308ba7d48db8eb991c79cf547732045c6a812261c42335480d4057659fe381e081ba0ebf87dfa3ddae241d2fb3186b4f9955968c","ssdeep":"768:cHHmhEOPRtPvJdcz4nPWVCKJV+3/svMIR0Kd3gYeLLvcOvBea/u+IaAVbaa1aTKg:C3LqqjIIa4aTuUwlo8/J0vwr90AIC8","tlshash":"a0c3c71c75e712a664b330791baf31007072941b690ddd04bd5dbac06f98a3da3b6bee","size":127155,"data":"","first_seen":"2026-02-28T05:46:49.236243Z","last_seen":"2026-03-14T12:18:18.026169Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery-1.11.3.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b091a47f6b91e26c93a848092c6f3788","sha1":"52918af2d431e73464060b35d364640c8db75606","sha256":"329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10","sha512":"ab444102be476f0104eeff79c9b596174852b4fe8cbd0b5a0279d56f106a166ec39304636e09326213de000b102ce8f517bb268a9abb2955c56ee4f18b464ea8","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmS:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"6893d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","size":95956,"data":"","first_seen":"2023-03-07T01:10:10Z","last_seen":"2026-06-07T07:30:11.536389Z","times_seen":18326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/lazyload.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d87854586672bff7f886a47da85da5ed","sha1":"8d0537030dc7a81ade87a41a75fd5a75e4e33da1","sha256":"17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada","sha512":"d8c3e724f00bcf1ebfe1f8e96dda01243cf22aef18a0fc5a25a42d84458ff58a22a316dabf1d80d1b4f4c28db79edbdf9ba19df755d72f2b0b9f64497137672f","ssdeep":"192:Cdr+EgBD7NiM7B1wV20jSCQrF/bcbe7/bgdCx4RTsmS3KDsS3CggvBSChKRJ0Suk:Cdr+JBDYpV20Ez+obgdsm3ROCJIqSJvG","tlshash":"304200483deb51aba1d3b0f89a5f11447235810b160eee253d6c9395af6093932f2ff9","size":12053,"data":"","first_seen":"2023-08-15T12:01:05Z","last_seen":"2026-06-08T03:51:22.325701Z","times_seen":17244,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery.nicescroll.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5bc8cd626b389bde727a91e6ce79436","sha1":"3df6c39300ac286cf596b3bda273cb39ff825429","sha256":"a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e","sha512":"2c1dde58ce83d9b716919dfc42602aef3022be012b3f92e61b17b674303ecbf0b9d308064b6d6c2443cf3e3dfd36bfb332eab62e64b56bef0be801e6f4610f12","ssdeep":"768:CwJl9VwAdGuMbJVAOi9ee9RjOEe1sdMv5rjITry:Cxb7AdRjOEKhHay","tlshash":"9553a7cd7522346b05de5235d18b4b4a623a9857730b90e4762c8cf46d29bbaf223f7c","size":64651,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.348002Z","times_seen":17630,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"4fe7dadf050dad2dcfd386d21b880281","sha1":"07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd","sha256":"aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9","sha512":"9da40e5132ece9fe346f27aa467b2496545c84197131c633e5b1ff1f641ece723440ec0289e82d7948b85bcd901b9e3eb6e36f8e0339ae05e4a32621e895accf","ssdeep":"384:yC+tJn9Dbvbf1P3QSBxDrdiewZnnoTW39if+04xSlR4nbiamdrjNfrzInGINYlor:NWJnlN3QSBxDMewZnnoTW39L0MSR4biK","tlshash":"a762954d3a9514bb4adf31b770ab204f767e8800852c91c4bdbca0d166b5ee072e7e6d","size":14857,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.328454Z","times_seen":17500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"479c01001c455527cf2aafec087accad","sha1":"230c5d853a00977d890c25cb56b5a07c5e0acd0e","sha256":"0ad2a7081ff475ce3a2068fe69547248166c0fd39f26fbf03f2ac5db073a16cf","sha512":"ebedabe18db451b91ae6cfe4a55712d0401a1cd5545a5b9344edcbb68c7cb678a1a8a6efc20f101d99e8cc094a060bb32deccf9e694a837ee17a8f8585bd43c6","ssdeep":"","tlshash":"1f21233e1c17a1b52ef7046a9b7bd5a63af2051b2442e400bc8cd8193f14fc11c25bde","size":1389,"data":"","first_seen":"2023-08-21T11:10:45Z","last_seen":"2026-06-07T07:30:11.586469Z","times_seen":16887,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"7932637ac9b0a1125acfaeffa837b6af","sha1":"01107a42cef642f68e70ef30502ecb6c0de6a0d6","sha256":"f938651bd7efeb3c523dcca3df1c9a0cc63b12f604816c8e49636fda5b1b1c7e","sha512":"6ee9dd22796803d3a44aaf8a59219dc077e2cf7ebe2b58efe545c7f08028496e595fbea31d2990cc0f210054f6cd91055326484acd544aa29889712c2c050f57","ssdeep":"","tlshash":"bc71315e7559bc949bd3202a4a7f1008727b486f2928c850fa5dcc50af5cf0f2362b9f","size":3486,"data":"","first_seen":"2023-10-24T11:42:08Z","last_seen":"2026-06-07T07:30:11.58824Z","times_seen":15967,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"dd4934ec50598a49950c57836d268ba9","sha1":"9830d9f40b0baf411ea1e7b7a4b65675cf35ae04","sha256":"89e8ae92a48e530a676704a7858edcc65fdd1488e39280ba8da4cb80dc5729d5","sha512":"1b7e75147ff199dc7900be58df3ab41039a70322ab2db2d697238b166447a915cefafb3e1cc17377a7ecfc08b641fd9ab51351f060abb405ceed36ee1e5b1b9c","ssdeep":"","tlshash":"c641df0d25ee1008d01729a9fbbbf50c632994272ca4ed08b50dd2154f6ed7ed2b9a9f","size":2036,"data":"","first_seen":"2023-11-22T16:18:01Z","last_seen":"2026-06-07T07:30:11.5897Z","times_seen":15182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"cf0aad09d2e7287c48d72501c4ed8cbd","sha1":"7950b8c00d5a278b662dbccd11af31398a408e51","sha256":"72512199b29d971b5fe854b1f610604dcbdec2c38666c106f1d15863e0df32db","sha512":"2c1680bded9b22be2e6c38d76e46ef67bd438c6c9d99c804f9dcb77ca30bd5aa6f090c89a51205cc7efb466040a171eaa318ffe6fdf046c924394ce7867218f7","ssdeep":"","tlshash":"75d02b4472e3280c08f22b214cde250508a271b610484d08b10ce9d64bb5522b97773c","size":278,"data":"","first_seen":"2023-04-14T20:29:13Z","last_seen":"2026-06-07T07:30:11.57416Z","times_seen":13043,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/bootstrap-dialog.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ce8851dc823429a42ab6147554403cc","sha1":"28f381f0e0aa4f5d56690e65723bd97fb59a38e6","sha256":"dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811","sha512":"f42a4d48c666d9c78fcb6c6061141452899085c504bf15e23749611dda00b6913e75ebbe47ca436a2ed016175d0918f193e474f13974a2f6a5304e18909a87ee","ssdeep":"384:3ai3F3N3VKUINthDa7Vnq86z3JCDKSz1m0hMtkJI2Cg0WEUOv5Dq:T3l3INthDu1YCDKS5flC9m1","tlshash":"6a9261ccb2d9b54c47abe072143f200df03a996951496119bc79e9ebecf060aa077f79","size":20132,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.346942Z","times_seen":17554,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/layer.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb96339625e9d456e32f86cdb3c7a7a1","sha1":"1301165c58bbb13c542cba493b7ab5774e87e31f","sha256":"17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919","sha512":"53083bf4d6d450b1e9402c3f3dc40fb3434a27d47fbabee51f4ce1d3577f2a0aabe90cf5f6dfc22830a3878ec7552a6bf6bff605c82a4f832c79f34f7657ccef","ssdeep":"384:r1dCih92A3DgrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:r1YiV3D+WtXItqF13k8","tlshash":"6aa2b76a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","size":21994,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.32075Z","times_seen":17442,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c41709c2b64126b909c101a27f39153","sha1":"4ab666b36c092577acb41390ad90e96d5fea7711","sha256":"c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60","sha512":"f235dccead15199e58495c6faee849c50252b9beed29a04ae46a7a9bdbccfd569a8ab452e7fcf923b7048dfda0c3d7bd51261874642d40e994d1640ca89e330e","ssdeep":"768:u4ygd0iB6d9zYDO5qYT8fwTW3Jny+XiKZNtrt2tG:NB0iB6d9zYDO5qYTMwTW3Jny+jrP","tlshash":"e6c2b7093585102f4ecf30fbb897524f72ba95a45019a069b5fca4d1bef9f8530a6f38","size":27822,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.340504Z","times_seen":17430,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1880ce6f7e86a563b54412066416edc","sha1":"379f66a5c76c995e8255b0f825f2d2ef05d3ab74","sha256":"dadb28dfc6a383dc589a4c01a6db796fab7be6c40b7f7d413a189394ecac0bf1","sha512":"c5764f5080dc814bc985f6c4b26e18684cfe09bd3bb2dadb92e45500f82f583561e31d4b722d43628a014f5bb0c4f97019f91dbf0432d38909e7468e86e2bc49","ssdeep":"","tlshash":"70312f221117907787f2fb12a27f2406c80f878a953c99ee739f9070bb014fd71aaa4d","size":1827,"data":"","first_seen":"2024-07-12T23:08:52Z","last_seen":"2026-06-07T07:30:11.591126Z","times_seen":12357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"e6ea297058f6d52d83390d9ea7f914aa","sha1":"349df987c3c4c50687d993b31f83cfea7f796730","sha256":"2f21ca2376a9112f70c12ecc46d75ff792b067f5edceae5ea06011c13cf14e56","sha512":"80999dd48f3db744a7cc59dc9cec9303b35216f65d2711891705dbc5dcfb34a18c5c015a2615573aaf59315882c5724ab5dc0e218e8f9cfa2579c4ef37d81cc5","ssdeep":"96:Ge2n8LmEhLzcRXKBxap3cSubfC7WjnM9LidafQa+X9MhsvVQCi:D2n8LmEhAXKfapMSu7C7w2WX988QCi","tlshash":"e0c10e4e72e120b199a7a52c929f901024725403080fdd1dbe4d93a4df89d7fb6ba3ef","size":6025,"data":"","first_seen":"2023-08-02T04:42:13Z","last_seen":"2026-06-07T07:30:11.592514Z","times_seen":17147,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery.super-marquee.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"f77d83590bc0a69298f2fbcc5d9911cd","sha1":"1d6aa25d7052f53ad0181385e5efe72f224bbdb9","sha256":"1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7","sha512":"a39dc6c01df32c8f72842af346f4d67e1278d37a74a0541537b8274b421bcfbc547a2f4844f3c4b6c5cdda4c78f0a8f41171c87ffd149ab52526a95bc6c5bf61","ssdeep":"96:nwzrUsI9/8w/ISEgOGXFRNcrc8PQjc3Pb:+rUsk88OnJQA3D","tlshash":"2991252d7290f5d559cf3c3be02b0b050c785123a54e00927a65def279ba379a607e1f","size":4433,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.3474Z","times_seen":17508,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/static/js/gb.validation.min.js?v=1771834111856","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"a55780dc13cbf1a8d375f14ebb659cf2","sha1":"9548cc269bcde0dc48e166fa6bab37af8a649e57","sha256":"35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8","sha512":"3514366118d038da9131739e4557dc5fd92b8b7d3a27af00a7c2d8f4cfd49f4932991cba899fcc8171ac59eb356b25e717494225912f37d65600305ce2d3ace9","ssdeep":"768:WqBveMjZ1oE/eL8hhMjm9a1hI4vhej4pZ:Xpo5GhMjm9a1hI4vheUpZ","tlshash":"cee231166b7701e2916b71e10e4f9a083174952b5a87ce08bdac92e09f18d787373ff8","size":32679,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.342072Z","times_seen":17750,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"4e6bbb84979a27014e74be230fe8440f","sha1":"aafe0c1dba07e91354abfb25d154c0acbed24d61","sha256":"03e9af072f4db23c6c6cd74a89c796a3c764731da4734682f3ccfc07e0e54e74","sha512":"445744eb54e6f81910f41add7f3ae90b45f311a7a3b5b86bb57079210dbe60c35b0b45ce06f3e4284c55578e2e2878d656ce445fa0040dc5e6edd47017a5a116","ssdeep":"","tlshash":"36e02649d63a68e0507364ac2b7f203129ee920ba009ce68fe2d13c16f444150b71786","size":390,"data":"","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.593727Z","times_seen":14838,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8d24a27b56a588bcb83462bf72dfe16a","sha1":"5a3a122a406ad4445c3b78f44ec4c32b7a13f7a0","sha256":"56287f4aa127f4034565f096be5459fa251e64215fa4e2c3979e5b7f2399d526","sha512":"1f76fc8263164bc9f876f7e50591d96e0302f065841ffbe3218632f94e5de2bb96ae02507c69f570ff6ade45bd2ae472f516f1e7bfd5d8f1404a6e979c326c0a","ssdeep":"48:Lh9J1waQo72wlPxv13vhvh9J1tato72tlMxv16oBJIOBf1ra/TJIDF1IeoUdvDBh:LzY67b1hvzVv7y4PaPxIfaZWGi17YjM","tlshash":"3781d07a32f24881907b50b91f2e37809335588fbf3d6868be5d0ac01f2a41ac096f5f","size":4121,"data":"","first_seen":"2023-04-19T10:42:24Z","last_seen":"2026-06-06T23:54:10.570157Z","times_seen":1051,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfad0b85340890d759c51064e5e64f49","sha1":"a9cb1fa0918953b54beda8a5d738fea441d48744","sha256":"301acadb0c6093aa419cd1ce2f509e052f5e97da0328ff092d09b9dc980f0f9c","sha512":"39c66046fa825634a253a91f1de88ea0cb1f71d55e0cab68392394f1a5abbc64d2ce277291290552331d4a45b7038349cd4a096ecbc2bb295ca0fada94907a35","ssdeep":"96:QMyuljaBrX6IcBi6bkY+rpyP7SCf+vLIPXbczD+tcsoZ0+AcLD9dv05:QMyuljaBrqIcVbk3dyP7SCksPozYcYA2","tlshash":"9391d90671e512b7683710946ffe73040796906b5748c8387c4e37d05f98a3a6276bce","size":4389,"data":"","first_seen":"2023-04-19T10:42:24Z","last_seen":"2026-05-05T00:00:21.182146Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8660aed96cd6ce54c5d3957331366c3e","sha1":"6991ff5972df9f73babd4264922a2363d3deba01","sha256":"02c87cd56d1bc50132f372ef0c12981f84ac487bcd4415e0e7b4e17623e22694","sha512":"7bda961e10b2dd6d3488c06946dbf38a07ce8a5c7ce16f01a5c798653b3a59cd756143c88527d0282657059e3ba36d271bd17b0dfa5862cd7d1777a089cbc7a7","ssdeep":"1536:xXQQIbtSAkAdo99dreWgIT2fY4N6nH8Xl5oTLnrQFCH6w3StD:x+4r99dreWgIqfY4SWl5oTLnrQUHy","tlshash":"bfa3c577a35d3dee407323caa25b52e1957c48b8735bde80ec7c81ec68c7a945322e16","size":107019,"data":"","first_seen":"2023-04-19T10:42:24Z","last_seen":"2026-05-05T00:00:21.182608Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/float.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"829af863b0cdc4a603919824ae046299","sha1":"1d417b1553e4ecb7125ebf2005b74255291fbf73","sha256":"1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271","sha512":"e1202fa26fd353dfb2f989d3d45512e0691c062076297399f5fe62f63e7f5b194fec4a3d7fe2f09be1a6a945e197e7d68445d33dcc6f80b23a315112d9ae5b6c","ssdeep":"96:G4SXFXVXDL+R5NxuHie/moRUgIm/Kv3RKXg+Iw3qCNv5IC80b7Yr+HpH:G7xhDL+jNxzeBVLKJ1LeqCwCxb7YspH","tlshash":"04e1506e03b1212195aff1beaf1e424c6631905b2507dd057e0c87c46fa493c4636fee","size":6959,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-07T07:30:11.51234Z","times_seen":17483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bb641000.com/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T22:31:45.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bb641000.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://bb641000.com:8989/\r\ncontent-length: 62\r\ndate: Tue, 03 Mar 2026 22:31:46 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":null,"data":{"size":712733,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T11:34:21.534624Z","times_seen":16238222,"resource_available":true,"data":null}},"time_used":1358,"timings":{"blocked":568,"dns":129,"connect":217,"send":0,"wait":218,"receive":0,"ssl":224},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/style/bootstrap-dialog.min.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/style/bootstrap-dialog.min.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 30 Sep 2021 05:55:00 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"61555134-adc\"\r\nDate: Tue, 03 Feb 2026 11:19:24 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 11:19:24 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 630\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1841269294839575283\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Refresh Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2780,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"304eb84809c6637b7cdd0dc6225c5761","sha1":"e724aff10b16dc82bf1086cd3b70d8396f630d64","sha256":"cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4","sha512":"7283d3d20b85a21e53d2f281a7bc4bebaaa407cd3a4304454ab4b4a96150d3dbf0743d95e9bc67482626913e7ff464532410168f8f0207c61c1654a8796cdefb","ssdeep":"","tlshash":"c051791c0eaa0895a15f45cc77ee6f2164b83093444eae9937ef332c8f85466b9f6b04","first_seen":"2023-04-14T20:29:14Z","last_seen":"2026-06-07T07:30:11.543028Z","times_seen":11043,"resource_available":false,"data":null}},"time_used":3142,"timings":{"blocked":1299,"dns":764,"connect":268,"send":0,"wait":532,"receive":0,"ssl":277},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/headerInfo.html?t=mmb6n8g6","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /headerInfo.html?t=mmb6n8g6 HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nsub-sys: msite\r\nuuid: 01359-01-00000000-1772577111d591\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 116\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":127,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"330f89ab671ac6d35498de07608e84eb","sha1":"831a1bcdc2933c2b959a7d8e709bbfe3dd09a261","sha256":"6f45191a2c066118dd4f65f7480e512b8ca0df3ae761ae07f0290b094279aac0","sha512":"22f6b208e4f177781d286576c120ae4cea9440737573baab6014905c48b9cb224871bcf110a60f4518355ca0b95735e0ad9bf56827504444f4c645e90c86f985","ssdeep":"","tlshash":"7bb022282b0accaec8832200c280020822080000f0c2be0ce2bce20238ca2ea0023223","first_seen":"2026-03-03T22:32:15.003123Z","last_seen":"2026-03-03T22:32:15.003123Z","times_seen":1,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/mobile-api/v5/origin/loginSwitchCheck.html","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: Content-Type,Access-Token,X-Requested-With\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 3600\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: br\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nset-cookie: route=169b5c290b6963ddbef067cfad367b83; Path=/\r\nsub-sys: mobile\r\nuuid: 01359-01-00000000-17725771110f33\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":177,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"fd35a3411a4e42611886a9fe13bf3536","sha1":"b600fd1c3a5d8ddb84fceaac27089c3134b514da","sha256":"bf97accf9ae0af7dd79f1aaf9e4d0a08e079e88704a776c89f242480e9022865","sha512":"4be55efffddd553da4222e1a797316ed86f6f9d8eaa49d630ece109c9212dc875675122d42327cc4f2db890b59db4e6eb3bc7441b76e7ece523cace81e7f681c","ssdeep":"","tlshash":"2cc08046e0145c6acb023344959459402fdc045270c9d89edc4c4914f7cb4dba322c1b","first_seen":"2023-10-28T16:47:49Z","last_seen":"2026-06-07T02:18:31.023497Z","times_seen":240,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":228,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/images/index-chess.jpg?wsSecret=5acf35907efd1055a111dbeb20d6ed2b\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/images/index-chess.jpg?wsSecret=5acf35907efd1055a111dbeb20d6ed2b\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/jpeg\r\nETag: \"613c72a8-2e92\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 11922\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14356258972023597977\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11922,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3","md5":"ed93aae29ca896964a86103b00f80f99","sha1":"1880c553dc77b4effbb5d28ad72f93de1e550ec5","sha256":"496f6b90ab41e0578054f60089032a0483247165dce969a83d70f4842496608a","sha512":"56022639c38cbbc845532acac2823030a6cce2a695bd71e02a5837606f17d57ae8d46115685ee58d6bbc3bf6a43f135ae070ff5a52a2f987841e71cf51a9bca8","ssdeep":"192:T7Ndn0K94kf1t4CtyzwAShdHq7+dLbibguo/iD3pbKNRdpM2+MnGXVOClqll6alI:Tr1Nt4+yEA2Hqu8oKVbKNRd5Gltr","tlshash":"9a32b0f9ee434950f986d1f243789257a1fd648d86d7cc8b2502119bcce9b73ac1eb28","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-06-08T02:15:46.4708Z","times_seen":859,"resource_available":false,"data":null}},"time_used":928,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":917,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/body-bg.gif?wsSecret=07d65fd6639d5760862132a9ea107144\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/body-bg.gif?wsSecret=07d65fd6639d5760862132a9ea107144\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:51 GMT\r\nContent-Type: image/gif\r\nETag: \"613c72a8-2f6\"\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 758\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7218590864589776237\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":758,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 500","md5":"41a9eebb99ba7c3b2a905aaa45726923","sha1":"abf17115c33bdea05313ce6bcebe3fe4d7da935a","sha256":"f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c","sha512":"347710e76b0f8ec7e31baa70d6fec384525a61e7f22763946a9486d5b288ae069500229dc49615f83f8f3816312b8cf50426125e9fbf1230703d2a2c06d5ae8b","ssdeep":"","tlshash":"fc019997f973fff9f9007277d83c32250385de815145c3ca59c1a800c4153c46a67a15","first_seen":"2023-05-04T04:29:49Z","last_seen":"2026-06-04T15:41:12.085555Z","times_seen":3438,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/gui-skin-default.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 11 Jul 2023 08:40:09 GMT\r\nEtag: \"64ad1569-7b6e\"\r\nDate: Tue, 03 Mar 2026 02:46:21 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 02:46:21 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 11226\r\nContent-Length: 31598\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10589590650988781174\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31598,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (7014)","md5":"1d6c464e8e5800ca483689206174ec6e","sha1":"d5ff05232c516152a711ec5c6d060a2f2cc791e3","sha256":"08d29322d883091252b3348e9514dac589896516374e8a319fd1190dd67f8e30","sha512":"4e259baddb36f5a8894c26f0f50c453200cb738c5e9d8131e146288a0d25ed3d4dd42f173392f8dbae521fd8344425b2b6e1ade92bd08edf7ab010cb577f775e","ssdeep":"384:/FboUEeh9ScJRfc0uGWw8Ms4N4muQh8v8brn8w/NtSmdz:/FbPSVGmNQjLPFtSi","tlshash":"7be29834f20022a9b563c7a570d1dd4a362de592d2170ebdf26b319c8f425ce263bb6c","first_seen":"2025-04-07T03:18:03.900415Z","last_seen":"2026-06-08T10:38:12.61174Z","times_seen":10715,"resource_available":false,"data":null}},"time_used":3145,"timings":{"blocked":1312,"dns":766,"connect":255,"send":0,"wait":471,"receive":38,"ssl":300},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/bootstrap-dialog.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"5d848f4f-4ea4\"\r\nDate: Tue, 03 Mar 2026 22:27:31 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:27:31 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 258\r\nContent-Length: 5007\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9637983129619471317\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20132,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (20132), with no line terminators","md5":"5ce8851dc823429a42ab6147554403cc","sha1":"28f381f0e0aa4f5d56690e65723bd97fb59a38e6","sha256":"dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811","sha512":"f42a4d48c666d9c78fcb6c6061141452899085c504bf15e23749611dda00b6913e75ebbe47ca436a2ed016175d0918f193e474f13974a2f6a5304e18909a87ee","ssdeep":"384:3ai3F3N3VKUINthDa7Vnq86z3JCDKSz1m0hMtkJI2Cg0WEUOv5Dq:T3l3INthDu1YCDKS5flC9m1","tlshash":"6a9261ccb2d9b54c47abe072143f200df03a996951496119bc79e9ebecf060aa077f79","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.346942Z","times_seen":17554,"resource_available":true,"data":null}},"time_used":2331,"timings":{"blocked":2066,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery.nicescroll.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nEtag: \"5d848f4f-fc8b\"\r\nDate: Thu, 19 Feb 2026 02:24:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 02:24:20 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 5179\r\nContent-Length: 64651\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17373220308028484997\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":64651,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (64577)","md5":"b5bc8cd626b389bde727a91e6ce79436","sha1":"3df6c39300ac286cf596b3bda273cb39ff825429","sha256":"a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e","sha512":"2c1dde58ce83d9b716919dfc42602aef3022be012b3f92e61b17b674303ecbf0b9d308064b6d6c2443cf3e3dfd36bfb332eab62e64b56bef0be801e6f4610f12","ssdeep":"768:CwJl9VwAdGuMbJVAOi9ee9RjOEe1sdMv5rjITry:Cxb7AdRjOEKhHay","tlshash":"9553a7cd7522346b05de5235d18b4b4a623a9857730b90e4762c8cf46d29bbaf223f7c","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.348002Z","times_seen":17630,"resource_available":true,"data":null}},"time_used":2657,"timings":{"blocked":2103,"dns":0,"connect":0,"send":0,"wait":278,"receive":276,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/gui-layer.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:49.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pk7k4q.pham.xin/ftl/commonPage/themes/gui-base.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 17 Aug 2023 08:10:09 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64ddd5e1-c760\"\r\nDate: Wed, 25 Feb 2026 01:32:13 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sat, 28 Feb 2026 01:32:13 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 11135\r\nContent-Length: 6923\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11263601755848539040\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51040,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (489)","md5":"858eefc3fa70af7d0115c901908471f5","sha1":"29c181bbbc09a424f7de7cb57629bd8a9e3c679a","sha256":"9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf","sha512":"3731234bfa0b2abf45883da0ab74960a77f167dc158f4eae4f9c58293bfe6ccf322fabdbd4100bd5fdba0f463cbf18ba44d89b0bed695b65b8edce7edc9441ec","ssdeep":"384:RCEe+wekUqKrIQycnvqP9bQmAJS0OuaIHmOKpPg+2fF93sJJ:RCf+wekUqjpqCP+OuaIHmOK6+2fFVSJ","tlshash":"67330d22a16816cd7156eac8705dbab7b7fc8c02e21717bcf8ab304fd28d5439476a47","first_seen":"2023-08-17T12:06:57Z","last_seen":"2026-06-08T10:38:12.621597Z","times_seen":16326,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery-1.11.3.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:49.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nEtag: \"5d848f4f-176d4\"\r\nDate: Tue, 03 Feb 2026 10:09:43 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 10:09:43 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 10203\r\nContent-Length: 95956\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 480917073976118922\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":95956,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32038)","md5":"b091a47f6b91e26c93a848092c6f3788","sha1":"52918af2d431e73464060b35d364640c8db75606","sha256":"329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10","sha512":"ab444102be476f0104eeff79c9b596174852b4fe8cbd0b5a0279d56f106a166ec39304636e09326213de000b102ce8f517bb268a9abb2955c56ee4f18b464ea8","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmS:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"6893d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","first_seen":"2023-03-07T01:10:10Z","last_seen":"2026-06-07T07:30:11.536389Z","times_seen":18326,"resource_available":true,"data":null}},"time_used":565,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":308,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/mobile-api/v5/origin/getFloat.html","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:50.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"POST /mobile-api/v5/origin/getFloat.html HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 68\r\nOrigin: https://bb641000.com:8989\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":68,"data":"locale=zh_CN\u0026terminal=pc\u0026is_native=false\u0026version=v3055\u0026resolution=2x"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: Content-Type,Access-Token,X-Requested-With\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: https://bb641000.com:8989\r\naccess-control-max-age: 3600\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:50 GMT\r\nout-line: gb-cdn-801\r\nset-cookie: route=c7419011ef227a9b9406a6c2cd9b5007; Path=/\r\nsub-sys: mobile\r\nuuid: 01359-01-00000000-1772577110e9a3\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 3650\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31421,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"a439eca95e02a0260b2d804223861b5f","sha1":"4aa8bf15159a47f0ef42f0e920b34acb3417b33c","sha256":"6d7dfa7b75d2e4d40bcc03eb36eb4b960d675030e97bed7e16337becdf25252b","sha512":"f7892d5af92ab28ea9884cd5f3423b1d8a3afb9ff35594845b87895974c3dcac873cc438f26de960ad44b070527e93cd33fc36cc56ec0ecc83689f69316726a1","ssdeep":"768:Uum1S96svxg7l0A7YIRdm7JSYE7KGl+AZDFirW4x08zvDIJR:Uum1S96svxg7l0A7YIRdm7JSYE7KGl+w","tlshash":"45e29313b778800065f7c8cab19767f920850a5ddb4b1979bb258b39dccfabf3250266","first_seen":"2026-02-28T05:46:49.211458Z","last_seen":"2026-03-03T22:36:24.860796Z","times_seen":3,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/fserver/files/gb/1359/carousel/10023/1754027233110.jpg?wsSecret=5f5c6820841710e4b549f98fda24126b\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /fserver/files/gb/1359/carousel/10023/1754027233110.jpg?wsSecret=5f5c6820841710e4b549f98fda24126b\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:51 GMT\r\nContent-Type: image/jpeg\r\nVary: Accept-Encoding\r\nETag: \"688c54e1-30249\"\r\nExpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Fri, 01 Aug 2025 05:47:13 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 197193\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3778804974500314287\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":197193,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 850x214, components 3","md5":"7eafdc95d6878420ae5db6d556fa8a42","sha1":"0d190f19ba211e3be8f8e3c42d7167ab3f833fc5","sha256":"af380e8d2aa904663dd6ba872f7d4c2ee4c51ca1f2ba677aaf54676dd2caf726","sha512":"10a6716d4a6f17475bbbc90cd2cef89b6a29b4a5b9d619c6ff1a4b55b7d31b535d743e99f337194bb6b8bd3e658999a74b3cc5380e3af52e58e12ca8b7a44a17","ssdeep":"6144:ug21ikrUm4Gs34MZ6IlZeVJQ+fvARyh5nLki0:J2EkrYGsozIbeVIyzn0","tlshash":"9e1422e98283b3789e5666c71c0ea86dcb30198375fb2e7c50674379cb3af605d87894","first_seen":"2025-08-05T12:02:07.42724Z","last_seen":"2026-05-05T00:00:21.152573Z","times_seen":61,"resource_available":false,"data":null}},"time_used":1223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":535,"receive":688,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/mobile-api/v5/origin/getThirdParam.html","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=169b5c290b6963ddbef067cfad367b83\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: Content-Type,Access-Token,X-Requested-With\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 3600\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: br\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nsub-sys: mobile\r\nuuid: 01359-01-00000000-1772577111b25d\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 74\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":106,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"fac6ab3260d2e6bc56c9325f53be686b","sha1":"f2e37dee0780449943e4f1d04031531fa00a1bcd","sha256":"3e2bbee2fbffb2a20ff47141ca28039a92b3ceddf964dc1d6f7a800a9e2fd6d9","sha512":"a689caab1e5602c211f698d4c99b98b70f0ccba6982249a875b66c661c00d592c2d23141ed0ef256907bc4f799feced5d204f59f8defe601b8a052c1b0c45467","ssdeep":"","tlshash":"5eb012835128bcb38b0327d1a4ecae0051ec01d280c40026dc9c8d188b548d27343432","first_seen":"2023-10-28T16:47:49Z","last_seen":"2026-06-07T02:18:31.061227Z","times_seen":241,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/layer.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/layer.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"5d848f4f-55f6\"\r\nDate: Tue, 03 Feb 2026 09:42:34 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:42:34 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 3920\r\nContent-Length: 7599\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3764345071162517931\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22006,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21910)","md5":"cb96339625e9d456e32f86cdb3c7a7a1","sha1":"1301165c58bbb13c542cba493b7ab5774e87e31f","sha256":"17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919","sha512":"53083bf4d6d450b1e9402c3f3dc40fb3434a27d47fbabee51f4ce1d3577f2a0aabe90cf5f6dfc22830a3878ec7552a6bf6bff605c82a4f832c79f34f7657ccef","ssdeep":"384:r1dCih92A3DgrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:r1YiV3D+WtXItqF13k8","tlshash":"6aa2b76a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.32075Z","times_seen":17442,"resource_available":true,"data":null}},"time_used":2320,"timings":{"blocked":2066,"dns":0,"connect":0,"send":0,"wait":253,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/idangerous.swiper.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 11 Aug 2023 04:30:09 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64d5b951-b083\"\r\nDate: Tue, 03 Feb 2026 09:40:32 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:40:32 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 12335\r\nContent-Length: 11957\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14205172241022101026\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45187,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32034)","md5":"f15409fb02c527ce1f66a2fd3c4aa0e9","sha1":"1e1e1bcc0f49e99e14ba34991cffe0745178d302","sha256":"1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27","sha512":"66a384d6ad5fba862e778e24c43326a718328b6f860469fb5eb69c2687b0bbdc3c2dfa9049b0e3d5509214db1dbec4477f5c3654dc04446a505379a4300d4908","ssdeep":"768:oTFZ8CkWyYzh9MTvl7prcAgQW5ppZ+rPPWRqKDyBuq0t:cZiY9uTJuAgQW5LZ+rPPWRLt","tlshash":"5613f8c1b32031a741f3626e91fecb4271f54966aa05d4dcb5ed84c41ab489a03beff9","first_seen":"2023-08-15T12:01:05Z","last_seen":"2026-06-07T07:30:11.533498Z","times_seen":17303,"resource_available":true,"data":null}},"time_used":2040,"timings":{"blocked":1730,"dns":0,"connect":0,"send":0,"wait":277,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 27 Aug 2024 03:30:00 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"66cd4838-3a09\"\r\nDate: Thu, 19 Feb 2026 02:18:14 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 02:18:14 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 11929\r\nContent-Length: 4126\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13728960589700358908\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14857,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14855), with no line terminators","md5":"4fe7dadf050dad2dcfd386d21b880281","sha1":"07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd","sha256":"aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9","sha512":"9da40e5132ece9fe346f27aa467b2496545c84197131c633e5b1ff1f641ece723440ec0289e82d7948b85bcd901b9e3eb6e36f8e0339ae05e4a32621e895accf","ssdeep":"384:yC+tJn9Dbvbf1P3QSBxDrdiewZnnoTW39if+04xSlR4nbiamdrjNfrzInGINYlor:NWJnlN3QSBxDMewZnnoTW39L0MSR4biK","tlshash":"a762954d3a9514bb4adf31b770ab204f767e8800852c91c4bdbca0d166b5ee072e7e6d","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.328454Z","times_seen":17500,"resource_available":true,"data":null}},"time_used":2575,"timings":{"blocked":2316,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/ftl//commonPage/themes/images/hongbao/icon-close-1.png","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /ftl//commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=259200\r\ncontent-type: image/png\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\netag: \"611369ee-17c7\"\r\nexpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nlast-modified: Wed, 11 Aug 2021 06:10:54 GMT\r\nout-line: gb-cdn-801\r\nuuid: -\r\nx-cache: HIT\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 6087\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6087,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"30eb0e841ea47a1f05854ebca3f9e9c1","sha1":"0cb9874c32ff8837c1ffaf89cba502ceb3483b2b","sha256":"382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183","sha512":"fd47cf0bb2d3596a715a7ad2e2f7f6437cfb93f341cbf24b9b8075149fa133c73abe01bee306ad60dc35fa0ce5a107ba622fea5e7ec6a72bb0722d984a25c1fc","ssdeep":"96:/2URCIOJqXmd2krCPBxOw2dzdZuNX5wxbx9sE/nK+/zGhVkLDDH/G11IXhI:hCIOJPdjQx12dTpxrsA7uMfGvIXu","tlshash":"48c1afe2285f7cacf71ddc65620a0b97da21fc570423daa4783952f9cac2604e5c1f8b","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T23:54:10.485567Z","times_seen":5825,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":208,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/sec-nav-bg-grad.gif?wsSecret=88a2898a3dac1b404645653d76319553\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/sec-nav-bg-grad.gif?wsSecret=88a2898a3dac1b404645653d76319553\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/gif\r\nETag: \"613c72a8-178\"\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 376\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18170101160672977171\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":376,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 594","md5":"355b2cb853d78ae262c093065eaa6e70","sha1":"3e8d2a456204e635cfe5bd959cff47faf63023fc","sha256":"cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa","sha512":"0700f78d8d439d90ed2eba294bccc07451cec67b8bf518c13a8221cccf223a31c9e620f193874149ac818a39a90efbaa8748607600b01c7c0f89f89b18521042","ssdeep":"","tlshash":"04e02d731aa377b0de08ec39abcb30ba280d243eb20ab1c0300c74da85c1832fd088c0","first_seen":"2023-05-02T11:06:58Z","last_seen":"2026-06-08T00:40:31.398225Z","times_seen":4773,"resource_available":false,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/play.png?wsSecret=9bf27e6210795c0ab1d7187bac576971\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/play.png?wsSecret=9bf27e6210795c0ab1d7187bac576971\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:51 GMT\r\nContent-Type: image/png\r\nETag: \"617a3a4e-104\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Thu, 28 Oct 2021 05:51:10 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 260\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16605541900447277257\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":260,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 14, 8-bit colormap, non-interlaced","md5":"e602938a99acc154421381f39d5652d8","sha1":"e12cb203b3e61b0cae31ad5cb3241555caba6c10","sha256":"73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664","sha512":"2ebd04d65c7fb0d5be672dfdcb0e907bbfae26f3ba75021a3ae7ace8ec0ecbe2f39676e63137522edaec2266754bfd8cbfa12e502b33e859deb2fdf7db21405c","ssdeep":"","tlshash":"d5d02bdac8050cb7c69cd4b3550e17346e11050d61d2074c50ca95f799b25052444d04","first_seen":"2023-05-04T04:29:49Z","last_seen":"2026-05-05T00:00:21.158248Z","times_seen":3217,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-r-2.png?wsSecret=7f51f7c69d98089b4f33bebfbc31a5ba\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-r-2.png?wsSecret=7f51f7c69d98089b4f33bebfbc31a5ba\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-3071\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 12401\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3194442447330384174\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced","md5":"b5c72992b0327b36f67ba1f1ddcc9709","sha1":"4260a70304e373ad0c9dc8945459d132b5ebe38d","sha256":"90fd92cbe288eeef841ebbb0760c2b041aee0196b4b9a1ad4d47cd3cb344a760","sha512":"cc234a0e7953edd49f77a37002eb6b7dc858da304da4c18698958b70b508bdde4d7b6ace5fefec893e62639f4b1037e221f4c70feb19e928a42305f4398fa8c9","ssdeep":"192:RFINM5IVkNpieBIFSBOlDb179kPFt1b7Xfsz/WU70WaBtw/BmPM/l6CX4213Il:HqMeaqEBOxb17KhZU7HEtomPM/ECo2i","tlshash":"cb42d056fe28b213eccfdb472cf462415082ef0201b5d75cdae40633b474fb58aa896a","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.47187Z","times_seen":1024,"resource_available":false,"data":null}},"time_used":1685,"timings":{"blocked":1175,"dns":0,"connect":0,"send":0,"wait":509,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=1d0cb50c7d7784cc1996fe95b8519155\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=1d0cb50c7d7784cc1996fe95b8519155\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"61309af5-17a0d\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Thu, 02 Sep 2021 09:35:49 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 96781\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2388913805549756597\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":96781,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced","md5":"7cba82537203f393f21f63f855ecb3a6","sha1":"5be53b9f8a346d56535ddc1fed69707aec03e2b8","sha256":"69bfc1a826e8db539aba70f98c11d3cb0f3d9f8f47a9e150c259211e8070f18a","sha512":"1c63c905b303806f541b7f4aa915807c94e83b6948e8fc0400fc2a50407293482036b178407c978d41c373f049d76b7a51feb2c99a51a27a7624f28c08cf59f0","ssdeep":"1536:+r++jI4xlhz3pW9GnMk3ZVpFBPAY18Ugyr3G4SLgDExH4nskMxrx8Zqq:M+AVxD3p0hktFBYY18Ugyq4S8gZms1j0","tlshash":"8593020f39de44a71079d9ecdca061924d43c5524746cc9fbe9a985e13bf8add28b382","first_seen":"2023-05-04T04:29:50Z","last_seen":"2026-06-06T23:54:10.475258Z","times_seen":357,"resource_available":false,"data":null}},"time_used":2437,"timings":{"blocked":1386,"dns":0,"connect":0,"send":0,"wait":548,"receive":503,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:49.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/fonts/gui-fonts/gui.ttf HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bb641000.com:8989\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pk7k4q.pham.xin/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 04 Sep 2025 09:10:07 GMT\r\nEtag: \"68b9576f-68cc4\"\r\nDate: Tue, 03 Feb 2026 09:52:15 GMT\r\nContent-Type: application/octet-stream\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:52:15 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 6475\r\nContent-Length: 429252\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9637969587639457491\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":429252,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, icomoon    ","md5":"791bc072a3e361510b60c0994a742bf3","sha1":"f08c63ea64126c0f3b24c67fd0e0c5ae5df1b08e","sha256":"7a8e26265738d3cb0f201a53fb168cd59bb721cf0407f00bf25f720cfdcd760e","sha512":"d5548476dd786b5d0d77b02d36199c32d7895e0be8084be18a682f02303971b4c85f6d48e1faa94f51b2eb5ebe61cf91f97299515bcde23fb654a94cbd445509","ssdeep":"12288:pI/XwKnKzir7YTsVYzb/nb/X3M1MP2EF9PpKHQ:pIjnvrsoVK/nbPOAlvP","tlshash":"0e947d07936def8e9451a2e24845d0235ce2e104df3ed366eece7c5cd0258e88d79b9a","first_seen":"2025-09-06T05:10:02.121568Z","last_seen":"2026-04-17T08:01:36.639999Z","times_seen":1267,"resource_available":false,"data":null}},"time_used":2664,"timings":{"blocked":842,"dns":2,"connect":235,"send":0,"wait":239,"receive":741,"ssl":241},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/images/logo.svg?wsSecret=d5499c76a76e709ef00bbb064626cc00\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/images/logo.svg?wsSecret=d5499c76a76e709ef00bbb064626cc00\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:51 GMT\r\nContent-Type: image/svg+xml\r\nETag: \"613c72a8-bd8\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 3032\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8839061488403566482\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3032,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"de19000e3dff9d3a775668ae7e849a0f","sha1":"a775c6cad039b8016263db1d9ac92379296ba174","sha256":"e86e3afd834a8412cae16da4bbeb2b04eea33a3ab4d7508a26d3063157c76212","sha512":"6dfa3f9019c27f5e468feaeece3ee23d1d28dbef29a9fe3215d9d639a98d7c70db53c13993253ff7021e3060dfc4bde2936908a87161c3deb99ea81463f00a4e","ssdeep":"","tlshash":"3551a78d033dc4e9bef94a571ea83bc4737090be68b201e0925754ae94622b1f500e75","first_seen":"2023-05-17T05:31:08Z","last_seen":"2026-05-05T00:00:21.115228Z","times_seen":215,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":354,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/static/js/gb.validation.min.js?v=1771834111856","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1771834111856 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 05 Oct 2022 09:40:30 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"633d510e-7fd7\"\r\nDate: Tue, 03 Mar 2026 12:13:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 12:13:30 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 6880\r\nContent-Length: 5207\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17366146333738054362\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32727,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (801)","md5":"a55780dc13cbf1a8d375f14ebb659cf2","sha1":"9548cc269bcde0dc48e166fa6bab37af8a649e57","sha256":"35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8","sha512":"3514366118d038da9131739e4557dc5fd92b8b7d3a27af00a7c2d8f4cfd49f4932991cba899fcc8171ac59eb356b25e717494225912f37d65600305ce2d3ace9","ssdeep":"768:WqBveMjZ1oE/eL8hhMjm9a1hI4vhej4pZ:Xpo5GhMjm9a1hI4vheUpZ","tlshash":"cee231166b7701e2916b71e10e4f9a083174952b5a87ce08bdac92e09f18d787373ff8","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.342072Z","times_seen":17750,"resource_available":true,"data":null}},"time_used":2530,"timings":{"blocked":2277,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nEtag: \"5d848f4f-1ad7\"\r\nDate: Tue, 03 Feb 2026 09:40:32 GMT\r\nContent-Type: image/jpeg\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:40:32 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 10113\r\nContent-Length: 6871\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3627444112416791240\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6871,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3","md5":"99be4bfe275809d4e436b77c991b1381","sha1":"54eadee77394eb62ccf377ae68d9f49acb5b6785","sha256":"4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d","sha512":"452a79b02619ed5c1e4f81fc5a4a209cb8a11d03aadb1841ae9be18fbca088652cdb54340329c1bf57771abfb02ffed4bf75b61f4df96866b7f2358c36ae75a3","ssdeep":"192:p7FikLUR+6X7MCy5nSb1jSG99DX8yclWGo2yscY8:pfA3+gSGjX25+Y8","tlshash":"4ae18e26da8bdb85c4a4f2713f7d881a5551da1a5bd3f02160f8c41b3c9327c15e7a8f","first_seen":"2023-04-30T20:28:22Z","last_seen":"2026-06-08T03:51:22.343269Z","times_seen":17419,"resource_available":false,"data":null}},"time_used":3050,"timings":{"blocked":2793,"dns":0,"connect":0,"send":0,"wait":256,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/style/common.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/style/common.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Dec 2021 01:55:33 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"61b94b15-d023\"\r\nDate: Mon, 02 Mar 2026 06:12:39 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Thu, 05 Mar 2026 06:12:39 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 5135\r\nContent-Length: 13048\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6834246356677935151\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":53283,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (1682)","md5":"35acbc4df407b5760bfe7ece4a166f55","sha1":"7e93c0854c3229ef37e5a44486bc955d5a7b3555","sha256":"d27264e3e297c224233a8fe570149ee8e0ad474532e2531c0ee305e0b0e82ebb","sha512":"52919ade94fc3162d27ed402ede57586825a56d4e9d55d78b20b0037662c32f1f9c312b29e8955153ae99c96b08f4831ac4daa6ca2c92f50a9e027f50bfdb5e0","ssdeep":"768:drYssRWKCgH0C/x0zgGO78KrtqqOCYNXub13+FfBi8dawV8i/1y:XcH0CGO7Rwtx1HifwWiNy","tlshash":"5e33b732d351224b7097e19efc7eeb99175e9002e30656bcbdb631aac2cf654013a7c5","first_seen":"2025-04-08T03:17:52.159331Z","last_seen":"2026-05-05T00:00:21.150209Z","times_seen":91,"resource_available":false,"data":null}},"time_used":3106,"timings":{"blocked":1320,"dns":765,"connect":263,"send":0,"wait":453,"receive":1,"ssl":301},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/message_zh_CN.js?v=1771834111856","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /message_zh_CN.js?v=1771834111856 HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=259200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript;charset=UTF-8\r\ndate: Tue, 03 Mar 2026 22:31:47 GMT\r\nexpires: Fri, 06 Mar 2026 22:31:47 GMT\r\nout-line: gb-cdn-801\r\nuuid: 01359-01-00000000-17725771071710\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-frame-options: SAMEORIGIN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33499,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (15759), with LF, NEL line terminators","md5":"5e29a736bb07482814f4fb40f94618e3","sha1":"95031dd994aa15757b741e35e8165e6e54b396e6","sha256":"9cc0606e9e078be2bd4a7f0128364ad8a989ba363258d3d6058d8cf79b1fd3a8","sha512":"6df469c4d40670119fc0071f8339fc104ef3f9b8e96608462fb533295ae361da6c177d7d67a3ea50bb2da87e8c27cab6f4a54019f8feb61c5a846350d315c8c8","ssdeep":"768:IIy92nyfB+vODR01IRBG3Jpf3OEg7/wiwL38:Ib9BB+vF1IRBG/Op","tlshash":"05f24c8746fecbf68a4a0af99c5301ae22b557c8c9ec79147f90ddd92b457c900a7383","first_seen":"2026-01-15T08:15:21.544222Z","last_seen":"2026-06-07T07:30:11.553837Z","times_seen":6773,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/hb/css/pc.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"5d848f4f-b5d\"\r\nDate: Wed, 04 Feb 2026 02:12:24 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sat, 07 Feb 2026 02:12:24 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 1075\r\nContent-Length: 911\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17815711393538654733\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2909,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1da71520b7a0a61526a8fa8d0feb40d1","sha1":"ba1bf69dad8783563328054cae58ccabf1b00829","sha256":"5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d","sha512":"d1cb92160523c231c4942f27c018bd3b30f89fc60153e23eb0a49d0696c896b0904ebe5db7cb97a0686f656d04a58f3ccf8fc0f09f2be703fa8400bd3270dfa8","ssdeep":"","tlshash":"d451dd305a02b1aaf42ffa677420874c2537004373169b3e72fd7ad1cfca9696136ad4","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.329757Z","times_seen":17230,"resource_available":false,"data":null}},"time_used":2658,"timings":{"blocked":2385,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: Content-Type,Access-Token,X-Requested-With\r\naccess-control-allow-methods: *\r\naccess-control-max-age: 3600\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: br\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nset-cookie: route=169b5c290b6963ddbef067cfad367b83; Path=/\r\nsub-sys: mobile\r\nuuid: 01359-01-00000000-1772577111fedc\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 104\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":143,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"61d6e435e18e1e92ba599e851618d1ba","sha1":"163826036880ee85449ea0e85757f67d6a1a8352","sha256":"f503b97e4889c00a9fa0522c8b9ffb2f8dcfe6c4a1249340c0b0ab8e58240e04","sha512":"605d388cf670533b3164db8cc4a7103d819a6877bbc6de20045c153237e1ae75673560ec71ff6e07f43ae545faa787ddfc74739c3af6727b6147be3f0366a738","ssdeep":"","tlshash":"77c02b87e2282cb387031bc090e8bf40c3ec01b3c0c80416dc8c8d0847748b9a302426","first_seen":"2023-10-28T16:47:49Z","last_seen":"2026-06-07T02:18:31.01178Z","times_seen":237,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/static/css/gb.validation.min.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 05 Oct 2022 09:40:30 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"633d510e-2d52\"\r\nDate: Sun, 01 Mar 2026 03:06:01 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Wed, 04 Mar 2026 03:06:01 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 11227\r\nContent-Length: 3788\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17228591634645794075\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11602,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (2295)","md5":"12630e8fd95b53f705159b9cd1c2b372","sha1":"1be26841536b82ff280211796e9de339c642795f","sha256":"2c0c712726319f142f14ea06ccdba0ddb9f880571581ab1d0c193d4083a5baa8","sha512":"3084c7d3f917e379235e29b0f641e69f7a9a89b9c30b088292e3b3800cc67e16414b2df9aed1ed144cd2c37bbd035a8f6389d71ace13d17dd32a315c7719a88b","ssdeep":"192:zyzNcfuLLpjyFp291taF4lcrCQ4RFvVhkxP4OKyptj6ZqQ:znmdyF24F6crCQ4R4P4Dx","tlshash":"ed32a673ba220244790d9d442f46ee02bb1b40176a4f8eabff91786cdf825c9b67074c","first_seen":"2025-04-07T03:18:03.798848Z","last_seen":"2026-06-08T03:51:22.315897Z","times_seen":10772,"resource_available":false,"data":null}},"time_used":2791,"timings":{"blocked":2440,"dns":0,"connect":0,"send":0,"wait":350,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/gui-base.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/gui-base.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Feb 2026 06:51:20 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"699e9be8-146ad\"\r\nDate: Tue, 03 Mar 2026 21:13:49 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 21:13:49 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 4680\r\nContent-Length: 17173\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7586325079890548723\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":83629,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12023)","md5":"ae436617c02061eb715fce1f6e4d84ba","sha1":"d29e23c56a6972ed8c139be8fd55022e8dc79dc2","sha256":"95be5699e27ae8ba00031ebaad84c414dbe6ab48f6445007513e072c9243eaae","sha512":"614e0041902efc437f9ef9ab63f0ee9e7d1236e0a5d811013dc75509c0669ef44b24ffefec0cf367ed241b6615b506b27a951cc17f168e7ff97f09b9564c4137","ssdeep":"1536:hh/EEJVfpLdXYSN4H1Y7B/Daf4ZxnVXCg9bI:VXYSNE+RVXW","tlshash":"0a8385b2e15824e63373c856a381fbda2554b122c5134efdf89f655c8bc738612a2f6c","first_seen":"2026-03-02T15:35:34.435383Z","last_seen":"2026-04-17T08:01:36.591141Z","times_seen":1009,"resource_available":false,"data":null}},"time_used":3163,"timings":{"blocked":1297,"dns":767,"connect":252,"send":0,"wait":501,"receive":57,"ssl":286},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/CometMarathon.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 21 Apr 2022 04:30:12 GMT\r\nEtag: \"6260ddd4-2f13\"\r\nDate: Tue, 03 Feb 2026 09:42:41 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:42:41 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 13935\r\nContent-Length: 12051\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3856983381016353756\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12051,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"466a7ed7d00986d45375c0cbffb5233c","sha1":"68845ead668e9abd29c24b491dbf97b219226c08","sha256":"7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123","sha512":"752801557c12ee7830f1f2e55352ab9c033aff01ff79abdffaee1601c54cdfc85a2041facfc5a7e180706812be5ad08668eada116544197fd2a784bac1903ea0","ssdeep":"192:0Pf+0Sn4NyRSTTPhvygOdWuTdC3d7QPXLHOm8cSCl1Ej3m7YAPzhsoqFncJ0j:0Pf+fnwfcXSaGLj","tlshash":"9e32314b6cf75085592b32b50f9f24447239d8572605e81c7dccaae48f98b6c0b6bfb8","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.324795Z","times_seen":17453,"resource_available":true,"data":null}},"time_used":2058,"timings":{"blocked":1791,"dns":0,"connect":0,"send":0,"wait":260,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/PopUp.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 21 Apr 2022 04:30:12 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"6260ddd4-828\"\r\nDate: Sun, 08 Feb 2026 20:13:03 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Wed, 11 Feb 2026 20:13:03 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 5436\r\nContent-Length: 797\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1700667261898368509\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2088,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"07864ad2e2759d53f8f2f14dd4295bd9","sha1":"95144219e2eb702c4c4a707c3622b086876cf41c","sha256":"871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d","sha512":"f469d0f23c75e918d55e076d72481fca7043ac5eff9025aaac1f26860d080e4fc3c5d28f8f9ee1dae80719aca2b83f39ea82a129c221980bd7d63c212bacc119","ssdeep":"","tlshash":"9041ae54baf359a12c9b71f3aaaf30413160f2479505ed017d0cb9945f1d228b2cf7e9","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.33842Z","times_seen":17520,"resource_available":true,"data":null}},"time_used":2071,"timings":{"blocked":1802,"dns":0,"connect":0,"send":0,"wait":268,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-r-1.png?wsSecret=42954a6c5d86a7989b2e0f637b0f4db8\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-r-1.png?wsSecret=42954a6c5d86a7989b2e0f637b0f4db8\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-3002\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 12290\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11703867837596605005\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced","md5":"e2385d2a0d7c043e90ec1e1e3bf6a1e4","sha1":"1be4ba4215520c1e884c27991984e185e2848283","sha256":"c578480a5ddbede9c417bd3e3a85d752b13d61e4e8127e4d1868b708807b562e","sha512":"cf7a514c39d2512fc3c0f7d84c4af956d1d6927f8411dd37766b7ddceca56beb50fc17b0341d78b442e7eebf12c4137942b08c5265211f865581245f09b39575","ssdeep":"384:l1LjlQQIY0/qcuBkNdOq40XqCLAM8xeYfRk2a26:l1Lj2QM9IkNlXHA1LfG2ad","tlshash":"7442c089a84025e5a20ce2d360e98673dfd6c8c557d1f9be2def04b96b10c7115f41ce","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.434446Z","times_seen":1030,"resource_available":false,"data":null}},"time_used":1452,"timings":{"blocked":954,"dns":0,"connect":0,"send":0,"wait":497,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/lazyload.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/lazyload.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 07 Aug 2023 03:05:10 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64d05f66-2f79\"\r\nDate: Wed, 11 Feb 2026 00:49:37 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sat, 14 Feb 2026 00:49:37 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 2542\r\nContent-Length: 2731\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8326853009123254088\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12153,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"d87854586672bff7f886a47da85da5ed","sha1":"8d0537030dc7a81ade87a41a75fd5a75e4e33da1","sha256":"17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada","sha512":"d8c3e724f00bcf1ebfe1f8e96dda01243cf22aef18a0fc5a25a42d84458ff58a22a316dabf1d80d1b4f4c28db79edbdf9ba19df755d72f2b0b9f64497137672f","ssdeep":"192:Cdr+EgBD7NiM7B1wV20jSCQrF/bcbe7/bgdCx4RTsmS3KDsS3CggvBSChKRJ0Suk:Cdr+JBDYpV20Ez+obgdsm3ROCJIqSJvG","tlshash":"304200483deb51aba1d3b0f89a5f11447235810b160eee253d6c9395af6093932f2ff9","first_seen":"2023-08-15T12:01:05Z","last_seen":"2026-06-08T03:51:22.325701Z","times_seen":17244,"resource_available":true,"data":null}},"time_used":2069,"timings":{"blocked":1816,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/gui-base.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/gui-base.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 17 Aug 2023 06:15:09 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64ddbaed-ee5c\"\r\nDate: Thu, 19 Feb 2026 03:10:54 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 03:10:54 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 8071\r\nContent-Length: 15779\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6692974794168027228\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61020,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11056)","md5":"e6ce47d880d7a50ddf91b074c8572edf","sha1":"6a3657c67209136e5b544859daecf16f2d153b72","sha256":"c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734","sha512":"0946a1cb9d048b485dadf4056a4aa7be685a8906240a828a5ac776a4e1eae2ed5ef238bd0724da41cce33324357ba44704d34a6766430f1552630f9a17b664f4","ssdeep":"768:+lkflKVlvREcS38xHmuqrRO/5IS3oFaJX+mQdudqD9jAXImsUh8H3yALdODRG4eK:6ClKVlvREcYoHz0PszIfoALkMEY16pB","tlshash":"4353c80a72b130a106efb1b6515f460d323a6927d44ac458b97c9ae43f74f28316bf7e","first_seen":"2023-08-26T00:19:56Z","last_seen":"2026-06-08T03:51:22.34618Z","times_seen":16698,"resource_available":true,"data":null}},"time_used":2311,"timings":{"blocked":2053,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/images/favicon/favicon_1359.png?wsSecret=26e95ee488db9d1aee956933097986aa\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:53.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/images/favicon/favicon_1359.png?wsSecret=26e95ee488db9d1aee956933097986aa\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"6311d300-9fc\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Fri, 02 Sep 2022 09:55:12 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 2556\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 742091615269949608\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2556,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"c17d01def3d99c16179f81f432c5c524","sha1":"a2e24bf86f2f7567f138fc8dbc22e26faa933a49","sha256":"46c3b7a56ba9aee50d352dd833f532668ed2d6198562c7cfef856c0da50ea7d0","sha512":"944d90656cc1fe462358e57fa273f2e1ebace2629a1c66dd11fa0a8238d3274e88d8489d105cba4fb37cc4c63134e4ca374f63e4bc670f97ea60a681cd9795cc","ssdeep":"","tlshash":"56515c01d6ddada566c21c3d175bf344a294f630bc2706c3c3264737225aae5f14cacb","first_seen":"2023-05-15T07:57:20Z","last_seen":"2026-05-05T00:00:21.115852Z","times_seen":223,"resource_available":false,"data":null}},"time_used":527,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":524,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/moment.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/moment.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 18 Jul 2023 06:40:10 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64b633ca-1cab9\"\r\nDate: Thu, 19 Feb 2026 03:22:19 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 03:22:19 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 7829\r\nContent-Length: 26968\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8832976634102175891\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":117433,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"36c8f828395a9395549bd6e7307cb7e9","sha1":"f30a4961558e2d3d4405e7d93aa28fdb63245e78","sha256":"5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33","sha512":"40c24a9011e1bbdd98bd95b341c400bdaf48fefd953fcb407368fe3c685ac09196b55e230c03ca9890c35fe9acef2c916bed52423dc1a7b532a1db9817c03a8e","ssdeep":"1536:qOL1yBkBeb9wNoHpH7tjl2Ulwjwaj2BH3fMobEKeYEoZYiMirUw0:qOCWeH70R2BkobE+cw0","tlshash":"aeb35f5a59e31023496362294fdf2011ba388123590dee487d8da3d49f9ed7c47bafec","first_seen":"2023-07-29T10:21:40Z","last_seen":"2026-06-08T03:51:22.348552Z","times_seen":17488,"resource_available":true,"data":null}},"time_used":2590,"timings":{"blocked":2325,"dns":0,"connect":0,"send":0,"wait":264,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/images/index-game.jpg?wsSecret=7302830da24a24cc5154b4c3a4761628\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/images/index-game.jpg?wsSecret=7302830da24a24cc5154b4c3a4761628\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:51 GMT\r\nContent-Type: image/jpeg\r\nETag: \"613c72a8-7d87\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:51 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 32135\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9615458370676015599\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32135,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], progressive, precision 8, 270x81, components 3","md5":"3952e090ab928f5bc36747b275645f3c","sha1":"37d155d25da1ece2eaa2adc5de9bccb2a524985b","sha256":"dbddab3a290b16fc7b43e0a1093ffdec6a2ff91c104f9eff21df181a5336118c","sha512":"c7c2c6347376a82289f7ee2d43ad1b18a9284ec4c13ae744ca8be9c07fa67ee545941440fb21ae75f58040e05700bee1ecd1bff02667ffc4a3ad3c3f57cea921","ssdeep":"384:5KYfVPiNKYf6nbhhmNDoOeUk8eGoTmTYxnA0MZdfPDNcSg7TgcV1vYNji3CLexS1:oYPlvbiNVeUHQAcA0WbcSg7Uc8N23w7","tlshash":"c6e2c0311bd3cd2af6e139746a86da5b27046fe4aae316953b0c7441bff23d25d2ca01","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-06-08T02:15:46.441235Z","times_seen":847,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/sports-infos-bg.png?wsSecret=4855bd135b106726ed032abd295eb4ad\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/sports-infos-bg.png?wsSecret=4855bd135b106726ed032abd295eb4ad\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-10d7\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 4311\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6686510840296727433\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced","md5":"69957649d4c70d7b7cc0c1aa434c462f","sha1":"9070128b8ee6a699818e5deb33c926581d5b0b6f","sha256":"6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813","sha512":"585a30cd82d6e1c07b021483bd6d71229d64ce630798502ff41ac1a45d9d292411da51ffb94b85b36724bdc4843a3a428dfce79477340567d798380b8d9d0982","ssdeep":"96:AKnvd+9mMtdeFzLgDi7xRsIJOqPAAalpPLFE9dzKZefTE11XmLVOZ/eW/crP5:Jnl+9mMTdilRs97LQzLTQXcVOoDB","tlshash":"8f918d0ff2b97168754023066aa4a4254f524298991eb7658e1de3a34866a2cdf3bc22","first_seen":"2023-05-04T04:29:49Z","last_seen":"2026-05-05T00:00:21.135823Z","times_seen":3221,"resource_available":false,"data":null}},"time_used":605,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":602,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdaobg.png?wsSecret=abdf8aed2766a3445b511587f2ff307a\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdaobg.png?wsSecret=abdf8aed2766a3445b511587f2ff307a\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-5a0c\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 23052\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17438092791262803034\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23052,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 175 x 369, 8-bit/color RGBA, interlaced","md5":"f27cb3aa610d5d073308ee4066a3a726","sha1":"62504a85e14b7ec505899645378a9abf9f3f6954","sha256":"0e2e11002eb67d3b6eec134eecfec90b787ed55a128b7e5adc159da22b2a252f","sha512":"4ccb5a2f86f6a3781cac1e95ce28ec81329252fa68bbce582f5e7271734105e661f8c7fc0907559dcac15d10b9e6f7be413f0df1592407b18db554513a790c4c","ssdeep":"384:SensccjIl2Dy3KgEX2JAMQA9hKF3DhJjdW3qtTHzumv//4wVuyx2/M8o8jhuJpp:viIl2DyagECAAhwTjjnVjvI22k89Ypp","tlshash":"e7a2d01ce8432a5e6c5b63291fbd04230e678161f829eb4769dfb0566cab8fe443d087","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.428384Z","times_seen":1011,"resource_available":false,"data":null}},"time_used":962,"timings":{"blocked":585,"dns":0,"connect":0,"send":0,"wait":357,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T22:31:46.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:47 GMT\r\nout-line: gb-cdn-801\r\nuuid: -\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-html-cache: HIT-3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Moment.js","description":"Moment.js is a free and open-source JavaScript library that removes the need to use the native JavaScript Date object directly.","website":"https://momentjs.com","common_platform_enumeration":"cpe:2.3:a:momentjs:moment:*:*:*:*:*:*:*:*","icon":"Moment.js.svg","categories":["JavaScript libraries"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":712733,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4efc339c28ba8ec0171d9887d5e93cab","sha1":"c3562afc9337271b74aa6b6c90e989c6da2a185a","sha256":"496c0579f9d6bcabea566be72aaf96984380c4b196e99f5a22ecc38ba6d0e666","sha512":"c525a0b5247d3e19e4e2a37471a78d3435936ecc9ac09aa7437053b40f6813535b8afd0ef7788289d762af23cf85e666747b6dede3a9a9c7608bd0ac63cd76d9","ssdeep":"6144:HdxsbdJWaG0vsDUM/wCh0+uJaNLhxGt5oTrrQY:vsbdJtG0vsIChRzGkrQY","tlshash":"dbe4390367e6155a697b70b94a7e33402535998bfe01cc24fcae15ccaf81dd172e3ea8","first_seen":"2026-03-03T22:32:15.041772Z","last_seen":"2026-03-03T22:32:15.041772Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1076,"timings":{"blocked":426,"dns":2,"connect":210,"send":0,"wait":222,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/commonPage/lan/i18n.js?t=1772577107.22","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /commonPage/lan/i18n.js?t=1772577107.22 HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:47 GMT\r\nout-line: gb-cdn-801\r\nuuid: 01359-01-00000000-1772577107e88a\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 818\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1310,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (1217)","md5":"5b4aa30de4cd6ddf77f605a51ff605b6","sha1":"c8bb1f3b03d5761eed3ea4f46ff5fecefc073a17","sha256":"cc4e7202f70eafff7b87180b00678d691be1ed192c7242e9b1de34f64131897b","sha512":"4db4f035228d5b451877534b35486af9993604b7620a1c7bb8d2daf277aef5166541a8c8be3d86c16b4dca1af28366c2ead71c739067f967096912f848bfe6f7","ssdeep":"","tlshash":"ed21fe68f6e065e32dae8aa3eda23f6f11754abd00973107537831ce017dba79c6c408","first_seen":"2026-03-03T22:32:15.042582Z","last_seen":"2026-03-03T22:32:15.042582Z","times_seen":1,"resource_available":true,"data":null}},"time_used":385,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":385,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/theme/default/layer.css?v=3.1.0","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:50.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 03 Sep 2021 08:10:10 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"6131d862-48e4\"\r\nDate: Tue, 03 Feb 2026 12:54:52 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 12:54:52 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 658\r\nContent-Length: 3111\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1559579794408362682\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18660,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"5cf9259b7dd27aacd46161ec23d261cf","sha1":"ba0c399616a5ae9cdd8aec5b76ba4aae4822367c","sha256":"7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc","sha512":"834ae73090b76f7dad48a5efa850a0009d5104cfcab402b7c343ceb49410584c3a60a4eea800d366f380dc8364f5f00e3d38101c379fd5fa19f9492781d9ada1","ssdeep":"192:99OUf4PBsPIOpyNYpyBVpkgdpkqg60yQG0yrGlwSlyDXLIXiYHIli5aT6XeFTfb1:C4CyFP/FgkFxUE6QS","tlshash":"b7821de599a31584751b8214dbee267232f85c83e40fcc6cf7df354f4f086a592a1a4b","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.53514Z","times_seen":17714,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-l-3.png?wsSecret=72217cc4a137358eb9651446228f885b\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-l-3.png?wsSecret=72217cc4a137358eb9651446228f885b\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-3120\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 12576\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17086413719424098018\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12576,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced","md5":"2d59ff3b03c35665687729fb98ed5478","sha1":"c4c4b17fbfb5849c5c95f063b87b6bf322a1b5ea","sha256":"32f2a358d3f2a798ddf394ac652c3998349c366dd467df5234071c0548398770","sha512":"9671895b14f189107793741e2336585cc66f70275f2d406de2a442f2918f911ae79fce57a74b1b8645b2831053f7f5782ba1f1cdd7e891961ffcc738b257d84d","ssdeep":"384:usnRa8PIA5FpuffMcx26k9VI4rl6+IXQw4QDfunlK:uIRa8gkFpuHMohsVIUkklMIo","tlshash":"5242cfb806b9fb2b33840d8475b0780b46622edcd5d4d8f4d6dc157ab2ae0794924cdf","first_seen":"2023-05-01T02:34:21Z","last_seen":"2026-06-08T02:15:46.450462Z","times_seen":1010,"resource_available":false,"data":null}},"time_used":1448,"timings":{"blocked":879,"dns":0,"connect":0,"send":0,"wait":568,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-l-4.png?wsSecret=4d12ccb49ced3756eb7245e569827852\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-l-4.png?wsSecret=4d12ccb49ced3756eb7245e569827852\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-374d\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 14157\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1277242525411649698\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14157,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 70, 8-bit/color RGB, non-interlaced","md5":"408a47dbec9333221ee9937cf6513a0c","sha1":"b87f2425f70c7d0f8af2c41a0d3db5b4ef96a146","sha256":"a359740e674cfee1c6697c6cf4b6e1cc86de89d856d5601652aa5ce7c4b48203","sha512":"b1101ee62131000f76d0ea1fae026acff61c70d937ae7bdc887077dfdf6bca68bae1e495a3e587d5d433150e7932ebd1a2f111b5163a85c503386e56a837ca3b","ssdeep":"384:oXTlCu/v1oAmkBA0qLcScR8vmGzk1O/mex2t:UsEtogBA0qoHmk1O/jkt","tlshash":"2652bf0a5d284c3fc8f56e0258a300a3ec602d986951d86ff15f99ced63e6dec55a0d1","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.430858Z","times_seen":1015,"resource_available":false,"data":null}},"time_used":1282,"timings":{"blocked":895,"dns":0,"connect":0,"send":0,"wait":362,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-r-3.png?wsSecret=b5fc4434e486d8b4af05196b3425f924\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-r-3.png?wsSecret=b5fc4434e486d8b4af05196b3425f924\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-304f\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 12367\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11746138993092226998\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12367,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced","md5":"98567b2a6024c4e690574cc2f4d8a91f","sha1":"c75986b57ba3fd98791a1cee632184a2c5a99d0b","sha256":"2eaddbbc263065a1ab9a7f46309cb8a2f39875a06aef11da4409203216c83834","sha512":"2f3e11858c5d9e2bf63fc13c5252afbb20de6c72d87678f95f0575d4a104bb0c95145ace728866afdecae2ab3f804681ead6fe2f30e2306e842cc2ea18e9f0e3","ssdeep":"384:v1f0t2zwaw/ziwfQOk4nI6/jynmn03I/Ynp:v6t2zwv/ziqT1I6rynK03IAp","tlshash":"7242cf49ed343da7d1fdcacc4ca658b092529760c6c2b2b09b8601711cb97fdb284446","first_seen":"2023-05-01T02:34:21Z","last_seen":"2026-06-08T02:15:46.474995Z","times_seen":1026,"resource_available":false,"data":null}},"time_used":1547,"timings":{"blocked":1204,"dns":0,"connect":0,"send":0,"wait":342,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/float.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.601Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/float.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 26 Aug 2021 07:50:18 GMT\r\nEtag: \"612747ba-1b2f\"\r\nDate: Thu, 19 Feb 2026 03:21:31 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 03:21:31 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 658\r\nContent-Length: 6959\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8517487404767782269\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6959,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"829af863b0cdc4a603919824ae046299","sha1":"1d417b1553e4ecb7125ebf2005b74255291fbf73","sha256":"1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271","sha512":"e1202fa26fd353dfb2f989d3d45512e0691c062076297399f5fe62f63e7f5b194fec4a3d7fe2f09be1a6a945e197e7d68445d33dcc6f80b23a315112d9ae5b6c","ssdeep":"96:G4SXFXVXDL+R5NxuHie/moRUgIm/Kv3RKXg+Iw3qCNv5IC80b7Yr+HpH:G7xhDL+jNxzeBVLKJ1LeqCwCxb7YspH","tlshash":"04e1506e03b1212195aff1beaf1e424c6631905b2507dd057e0c87c46fa493c4636fee","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-07T07:30:11.51234Z","times_seen":17483,"resource_available":true,"data":null}},"time_used":3135,"timings":{"blocked":1393,"dns":741,"connect":275,"send":0,"wait":337,"receive":1,"ssl":386},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/bg-products.gif?wsSecret=06b5acda19cf4ee4a88b81ba3e72fa4f\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/bg-products.gif?wsSecret=06b5acda19cf4ee4a88b81ba3e72fa4f\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/gif\r\nETag: \"613c72a8-5224\"\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 21028\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11856202098842059894\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21028,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 271 x 302","md5":"e6c33fd46eacf329da3565adb295287a","sha1":"79b107df875842fd4e22809f21b60c322d128cce","sha256":"1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f","sha512":"06db3e6ae5d5cacbece221ad4ced0fe5015c52f178052d7c17e1036f9730da4ff1131e47ef215bd2262f66eaf44141f9e3dca199893ea033a327651a5d4dd8a4","ssdeep":"384:kEET68D/HXZItYhdphEcpdLS7cIVuPDDQJSOiDNfApER5vumtiNS3:QTLZI+XJd+7yPvQJ7WNk8B3tiU3","tlshash":"0a92e1632d75ff4a2a47a1f9cce7a0438361b31465fb0702e1a467a2534c1c6e45ee2d","first_seen":"2023-05-04T04:29:49Z","last_seen":"2026-05-05T00:00:21.168418Z","times_seen":3223,"resource_available":false,"data":null}},"time_used":752,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":627,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-l-title.png?wsSecret=6572a0f4f94f356fe4614ca4831e33c5\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-l-title.png?wsSecret=6572a0f4f94f356fe4614ca4831e33c5\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-36c1\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 14017\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5091517472275646318\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14017,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced","md5":"a9bc5bbecc55ef7980fc3cfd6c338657","sha1":"7bddde2e742e74809dd2462c9e12f5748f4f22e6","sha256":"968753c19b6dcbfd000fdfc85ab7a54aea63164a51f993583683e7eb6ec7a82b","sha512":"5324d145a2752472d573a19c8cd782c7d244960d9518487529d4dcdeff529c116119b16a157619068db7dc58161ef1b241eaf807a86096ff90ac4b21b5c27b0d","ssdeep":"384:PyWmtgcnRztiuKECOBRA6P+0dY4D0YS6eNE06PX0nIvq:PyNgcn7K1iRrdHveNMEIi","tlshash":"d252e18defc1f54ac2e8ceaf5ef330114181309562f6b66098e2114bc098acb46ed5cb","first_seen":"2023-05-01T02:34:21Z","last_seen":"2026-06-08T02:15:46.431369Z","times_seen":1023,"resource_available":false,"data":null}},"time_used":591,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":524,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-r-4.png?wsSecret=3145aef2c23bc1348f241e467176b621\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-r-4.png?wsSecret=3145aef2c23bc1348f241e467176b621\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-3922\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 14626\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15458805453846212416\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14626,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 53, 8-bit/color RGB, non-interlaced","md5":"113d3f2af50abaadad7df566c6c82d22","sha1":"9ac7ddf5cd311e88709d29b3a69bf209c5ca1e51","sha256":"a1a9bff1875165cafe5c41941486db0a6b12028b63e6738d1f79980cb2408caf","sha512":"a9f8174ee1300bbbe90a2d5358758e7d83932b64191374fae2960d48c6860c30268de649e1108e6b1e5402b1c17b84abb1267b3d2d1e0e3915ba29d45392cdae","ssdeep":"384:OEesk78FGrdSgJTFYaLxOJGltTrtYrqdcdr3l5sqiu:ORskkgAglNtOJitV2JXV","tlshash":"7762c05dae5330039e8eaba5cf3fe0710d5a1729e055c4eb1117e8b754980e4c34a5be","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.463459Z","times_seen":1026,"resource_available":false,"data":null}},"time_used":1776,"timings":{"blocked":1277,"dns":0,"connect":0,"send":0,"wait":438,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"bb641000.com:8989/index/getAppsUrl.html?device=android\u0026fPixelId=\u0026accessToken=\u0026apiVersion=","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:50.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /index/getAppsUrl.html?device=android\u0026fPixelId=\u0026accessToken=\u0026apiVersion= HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:50 GMT\r\nout-line: gb-cdn-801\r\nset-cookie: route=31b5452c7ebd24ef97de659f4fb68f7c; Path=/\r\nsub-sys: msite\r\nuuid: 01359-01-00000000-17725771100210\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 884\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1120,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"c93fa3d7ee5f4469ac12d1c261872b10","sha1":"d918f74472124d8fe8233915d4f3727c7c16e16c","sha256":"7d74177e650f815c1e8f6c0b5b842c4eafbc41536c4162a3375d55c44bde2fd2","sha512":"a085e6afb23e2bc4203330bff2faab7a202b9307c6b6c52249a6d9d2afb0884707358a9d5376fcbc296fac2c8631bce056c462a281542656a03a3aae613b3518","ssdeep":"","tlshash":"0121c62d193e997b56bc5d8964d41ac0ae6a432f0b84b225b75cfb27bbc8800a033664","first_seen":"2026-03-03T22:32:15.049411Z","last_seen":"2026-03-03T22:36:24.895635Z","times_seen":2,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/index/getUserTimeZoneDate.html?t=mmb6n89f","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:50.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /index/getUserTimeZoneDate.html?t=mmb6n89f HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncachettl: 3\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: br\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nsub-sys: msite\r\nuuid: 01359-01-00000000-1772577111a8fa\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 99\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":121,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"b29e033cb403b0c2541991c038758940","sha1":"e93aca3db379c7e7fe173a224ec4d25debbc51ad","sha256":"49a2d8e8a6e5c48bd3c94b1867cab990aaecf4d18c0d6c28fa85eebb71a08685","sha512":"65d781f21bdfa4654cfe3a8f6b147d862ba1087d95a1b49d9ca61bcadc8f2c2f97c73ca1147a647c509f82b9cd75fa508a7c2861722c49afdb1e546c3b4df3b5","ssdeep":"","tlshash":"1bb0921908d41d1e0eb0e5e09209b8deaa1da12b4ac2ca651ad2ec9da86c8887828212","first_seen":"2026-03-03T22:32:15.050245Z","last_seen":"2026-03-03T22:32:15.050245Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/images/index-casino.jpg?wsSecret=5a492f83bf7a536aee80127907574b2a\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/images/index-casino.jpg?wsSecret=5a492f83bf7a536aee80127907574b2a\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/jpeg\r\nETag: \"613c72a8-9967\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 39271\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13313973532850951595\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39271,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], baseline, precision 8, 270x81, components 3","md5":"abf180088cd18dbb8b8a87e947aa4285","sha1":"b511424b6a88d4faf129e526340ac617caaeb11a","sha256":"b136864ffef1cf1bca9a4106031e7f247fb62bb717db1a495c96c7d8b5b77da3","sha512":"846fae11172592913f58d2945a3cb9824f3de2adaabc29f22de42e58db0009ab8d080407b60c0782e52fb2869385ff5ddd4f6877b8101ec0e1b3fcd9e03029bc","ssdeep":"768:7BEaOnPFBEaOFF0f/K+aOW6ceGs6gp30NsUbGGDeex1yX6DS:dJEJoKXK+jW6cegY0NsgGGv1xDS","tlshash":"7503cf2aaf53ef67f9e58eb5a4e5c28542402e5598772b63725c14037fb07e28f3d208","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-06-08T02:15:46.424594Z","times_seen":854,"resource_available":false,"data":null}},"time_used":925,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":914,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-l-2.png?wsSecret=f306a45de270b3fadd608db1832eeda2\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-l-2.png?wsSecret=f306a45de270b3fadd608db1832eeda2\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:53 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-3323\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:53 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 13091\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2987406259299516394\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13091,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced","md5":"75441b34f2b090890fb8271d36703609","sha1":"9e2ecd7b86efc2ec2dd1a899344d7bb2e0a733f3","sha256":"04fe7cf05d017591f89db653cd7b0326f1c4d81d578529c50791343d460169f1","sha512":"bde07a7d20804ec63358e8d74b22f67b960717a2ca6e2546101a8e4a9079fda080a91be789a8e6b4ffd272acaee87d26e855a2a26fc7cd2f29c4ba2231e948eb","ssdeep":"384:K2anaz0xZ5nPoI0lIQPP1kad9mLZlAmmZ:K2UpngIeD9mz6","tlshash":"3242d047c9d02a873bd89c88d7e7c016ad8208281dfc72105c8ed47f9d121fa9466fe7","first_seen":"2023-05-01T02:34:21Z","last_seen":"2026-06-08T02:15:46.433954Z","times_seen":1005,"resource_available":false,"data":null}},"time_used":1396,"timings":{"blocked":873,"dns":0,"connect":0,"send":0,"wait":522,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery-1.11.3.min.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nEtag: \"5d848f4f-176d4\"\r\nDate: Tue, 03 Feb 2026 10:09:43 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 10:09:43 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 13582\r\nContent-Length: 95956\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 720713801102907251\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":95956,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32038)","md5":"b091a47f6b91e26c93a848092c6f3788","sha1":"52918af2d431e73464060b35d364640c8db75606","sha256":"329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10","sha512":"ab444102be476f0104eeff79c9b596174852b4fe8cbd0b5a0279d56f106a166ec39304636e09326213de000b102ce8f517bb268a9abb2955c56ee4f18b464ea8","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmS:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"6893d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","first_seen":"2023-03-07T01:10:10Z","last_seen":"2026-06-07T07:30:11.536389Z","times_seen":18326,"resource_available":true,"data":null}},"time_used":3549,"timings":{"blocked":1406,"dns":760,"connect":273,"send":0,"wait":392,"receive":332,"ssl":384},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/websocket/Comet.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 19 Jul 2021 23:50:13 GMT\r\nEtag: \"60f60fb5-43bc\"\r\nDate: Wed, 11 Feb 2026 00:49:34 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding, Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sat, 14 Feb 2026 00:49:34 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 5953\r\nContent-Length: 17340\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8145518600244321510\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17340,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1008fe6a5e1a182d7775963b85405bb2","sha1":"e174a7b08cc3cb5545af1cd33d2814e604119392","sha256":"7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20","sha512":"26e07821ee1e8e94c4bada028e049df7572cac06f2e8dae958baa7a011eb201a6a1d4ed0cfa15017a3f52a0cb949343de0b33ca6da7c245f763c86d5adfb0223","ssdeep":"192:4Pf+aTbLSru4NyRs8VDv1KygOdWuTyVC3d7QPXLHOm8cSCl1Ej7bY8l7YJIJvO5N:4Pf+aTbe4M2cXzsjDUfj","tlshash":"ab721e4a2cf76086552732b90f5f64543235a8172605e91c7dcca6e08f98b7c1babff8","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-07T07:30:11.494719Z","times_seen":17452,"resource_available":true,"data":null}},"time_used":2015,"timings":{"blocked":1747,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/js/jquery/jquery.super-marquee.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"5d848f4f-1151\"\r\nDate: Mon, 09 Feb 2026 07:23:12 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Thu, 12 Feb 2026 07:23:12 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 13812\r\nContent-Length: 1421\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18241856497909126076\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4433,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (4433), with no line terminators","md5":"f77d83590bc0a69298f2fbcc5d9911cd","sha1":"1d6aa25d7052f53ad0181385e5efe72f224bbdb9","sha256":"1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7","sha512":"a39dc6c01df32c8f72842af346f4d67e1278d37a74a0541537b8274b421bcfbc547a2f4844f3c4b6c5cdda4c78f0a8f41171c87ffd149ab52526a95bc6c5bf61","ssdeep":"96:nwzrUsI9/8w/ISEgOGXFRNcrc8PQjc3Pb:+rUsk88OnJQA3D","tlshash":"2991252d7290f5d559cf3c3be02b0b050c785123a54e00927a65def279ba379a607e1f","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-06-08T03:51:22.3474Z","times_seen":17508,"resource_available":true,"data":null}},"time_used":2390,"timings":{"blocked":2097,"dns":0,"connect":0,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pk7k4q.pham.xin/ftl/commonPage/themes/gui-layer.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Sep 2019 08:35:27 GMT\r\nEtag: \"5d848f4f-529\"\r\nDate: Tue, 03 Feb 2026 09:40:37 GMT\r\nContent-Type: image/png\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Feb 2026 09:40:37 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 8055\r\nContent-Length: 1321\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10563179915425526709\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1321,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced","md5":"a2e938202c0287b9c82461a6fd94dee9","sha1":"b5e2adc7cb07c18a70a88af314e56b946ec1a1b6","sha256":"df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936","sha512":"2c035017e6ef6d6be24cf26972434ff7b16760ac6f5418d83652e745007a117cb79f4f9fa542cf4098b9141d4851f748c5151cb1055ea2b1f42eb70eb72a809f","ssdeep":"","tlshash":"1321830eea4368009648bdc114f3a457f7165f80acd8e2f46e8aac5d2d103f96abd6d7","first_seen":"2023-04-30T20:28:22Z","last_seen":"2026-06-07T07:30:11.522472Z","times_seen":16458,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-l-1.png?wsSecret=f87db067e8fa969eb97d12f80c2da6dc\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-l-1.png?wsSecret=f87db067e8fa969eb97d12f80c2da6dc\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-24d3\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 9427\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16162463105449240214\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 147 x 51, 8-bit/color RGB, non-interlaced","md5":"f3427cdef3e73f6a410bb3caaa15e5bf","sha1":"87aee39268e60a3f9bef90e3629213e00c4ca3b1","sha256":"9c8946d53d9bd3e9057491cc4e9ec38d1e0c06a15a8d350f9ee15738afc45b19","sha512":"fe65baf0e11f284911ffe2ef4115e53648c7e8150635a5125dcf0218f690822dba567ecfbcac482d98ef3aee17e81c6d6aa32b52484e0b8e919d0fbf5061e205","ssdeep":"192:KGMKZeO9C+EyysKTQDTplPAdby4hAPBTyunHmfhJFqIrZulv28gsz4J:1194JsKUBUbylZy0G3FpZuE0z+","tlshash":"f712bf9aee98008117c0a13478f2180629d0c1d9da6bd5337ecfd9d92e137f646d4edb","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.447186Z","times_seen":996,"resource_available":false,"data":null}},"time_used":1182,"timings":{"blocked":731,"dns":0,"connect":0,"send":0,"wait":450,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/commonPage/themes/hongbao.css","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:49.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/commonPage/themes/hongbao.css HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pk7k4q.pham.xin/ftl/commonPage/themes/gui-base.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 30 Mar 2023 06:38:07 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"64252e4f-d530\"\r\nDate: Wed, 25 Feb 2026 07:52:35 GMT\r\nContent-Type: text/css\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sat, 28 Feb 2026 07:52:35 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 10067\r\nContent-Length: 5666\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13482973147846024946\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":54576,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (336), with LF, NEL line terminators","md5":"a212ec8d2af1172e5fe97229a8cdd470","sha1":"676b870b21e2b4f18dd23dd24baa8a30955b8362","sha256":"910aca19fa0a1df0c76607fdde36968687403343a50022bed3693011abee9fc8","sha512":"6f8ef1e9c22978fe39412ca413b132e9ae54d5b84c1b95b6f40b5c7bd44e726212ca20b731de29294e77fadf0651f3cbc8bfad1d6a4ec6b808064faa4aa3811b","ssdeep":"1536:qsgR4FlccsG7TCbzG3ArEDTgkvudNssvmp13ZUcPGZ10iS9EvlBcovGF5XAso/GQ:qiu","tlshash":"78336d05e241abab21dad174230bca3bcdd81485fea4dfb7223971f4cba55e5b03625c","first_seen":"2025-04-07T03:18:03.889172Z","last_seen":"2026-06-07T07:30:11.560478Z","times_seen":10722,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:47.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 27 Aug 2024 03:30:00 GMT\r\nContent-Encoding: gzip\r\nEtag: W/\"66cd4838-6caf\"\r\nDate: Thu, 19 Feb 2026 02:23:18 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Sun, 22 Feb 2026 02:23:18 GMT\r\nX-Cache: HIT\r\nuuid: -\r\nout-line: gb-cdn-211\r\nServer: SLT-MID\r\nCache-Control: max-age=259200\r\nAge: 10112\r\nContent-Length: 7746\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8646165653209296789\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27823,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (27668)","md5":"9c41709c2b64126b909c101a27f39153","sha1":"4ab666b36c092577acb41390ad90e96d5fea7711","sha256":"c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60","sha512":"f235dccead15199e58495c6faee849c50252b9beed29a04ae46a7a9bdbccfd569a8ab452e7fcf923b7048dfda0c3d7bd51261874642d40e994d1640ca89e330e","ssdeep":"768:u4ygd0iB6d9zYDO5qYT8fwTW3Jny+XiKZNtrt2tG:NB0iB6d9zYDO5qYTMwTW3Jny+jrP","tlshash":"e6c2b7093585102f4ecf30fbb897524f72ba95a45019a069b5fca4d1bef9f8530a6f38","first_seen":"2023-04-05T18:30:47Z","last_seen":"2026-06-08T03:51:22.340504Z","times_seen":17430,"resource_available":true,"data":null}},"time_used":2412,"timings":{"blocked":2122,"dns":0,"connect":0,"send":0,"wait":276,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bb641000.com:8989/index/getUserTimeZoneDate.html?t=mmb6n8pu","fqdn":"bb641000.com","domain":"bb641000.com","tld":"com"},"ip":{"addr":"20.255.104.129","port":8989,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bb641000.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 17:12:31 GMT","end":"Fri, 10 Apr 2026 17:12:30 GMT"},"fingerprint":{"sha1":"55:DC:78:0C:62:CD:E0:5C:FD:08:79:7D:93:4E:7F:F0:5E:52:AA:66","sha256":"A6:CE:85:47:A8:24:C0:29:0B:C9:CA:62:E8:28:90:69:36:E2:81:DE:59:28:EA:9A:75:5C:E2:6F:53:74:50:11"}}},"request":{"raw":"GET /index/getUserTimeZoneDate.html?t=mmb6n8pu HTTP/1.1\r\nHost: bb641000.com:8989\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nCookie: sticket=XhNV010TkRBeE1DMW; route=31b5452c7ebd24ef97de659f4fb68f7c\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncachettl: 3\r\ncontent-disposition: inline;filename=f.txt\r\ncontent-encoding: br\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 03 Mar 2026 22:31:51 GMT\r\nout-line: gb-cdn-801\r\nsub-sys: msite\r\nuuid: 01359-01-00000000-1772577111412b\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":121,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"fb90223f1b1aada98fd4c5a00deb7f53","sha1":"62d965a01c76ef0c26f343f285a74997e6f71944","sha256":"4d04e17f000467bc90f75b635847ff17d2ced757e06f354fdb701b06021b6e58","sha512":"285ef2866753df373bd8430fcbe30965037702a4fbe88ce54ab18d52f5a08f151a215db8f9539958eeacceb9576c0c921b516727f61bbf0509e7f97abf069edb","ssdeep":"","tlshash":"3fb09b1504951d5e0d64d5e09109b8dd591d511b89c1c5550552ec9d685cc986418112","first_seen":"2026-03-03T22:32:15.056634Z","last_seen":"2026-03-03T22:32:15.056634Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"bb641000.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/ftl/bet365-1359/themes/images/rdao-r-title.png?wsSecret=5018d575563064c1af90d6d674e6845e\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"116.153.4.244","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:51.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /ftl/bet365-1359/themes/images/rdao-r-title.png?wsSecret=5018d575563064c1af90d6d674e6845e\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:52 GMT\r\nContent-Type: image/png\r\nETag: \"613c72a8-2eb9\"\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Fri, 06 Mar 2026 22:31:52 GMT\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sat, 11 Sep 2021 09:11:04 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 11961\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18244150384221607847\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11961,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced","md5":"d19d26603d7bc87f4ba30563933485fa","sha1":"0c7b22b5556d0c46b38beca88746d56328c130a3","sha256":"cb9ffb5ca1354d23da49d7a184c1ad12cce4013edb703bbf7e7c719484e0d82d","sha512":"bc7ac0329ca6b9a9176d9c6eed115de425d6699bb47f1feaf9a9f2560242de728e5b8fec9909b95dec71e7278dde70ae8850ee1d8f8cdb67e693d76a8aed7025","ssdeep":"192:w7Sykkn+HgBtE2HgzFjPOpYHgs6ezXu8g2Vlx+D4H7DUMq7vImLhRr3bgAQkY8eP:ten+4E2HaFjVA9ea8DllH7QNQmtRr3bw","tlshash":"f932bf41fe506a8c5139b5a3fdfc82271e13dc6a0563d0ff9cd9788258b81a0dac99d9","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-08T02:15:46.441732Z","times_seen":1012,"resource_available":false,"data":null}},"time_used":1207,"timings":{"blocked":671,"dns":0,"connect":0,"send":0,"wait":535,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Bet365","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Bet365 phishing","tags":["bet365","gambling","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pk7k4q.pham.xin/fserver/files/gb/1359/carousel/10016/1753614541450.jpg?wsSecret=92b8d0eea40d02fd956402c577832abe\u0026wsTime=1772577110","fqdn":"pk7k4q.pham.xin","domain":"pham.xin","tld":"xin"},"ip":{"addr":"60.13.97.57","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bb641000.com:8989/","date":"2026-03-03T22:31:54.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pham.xin","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 02 Feb 2026 00:00:00 GMT","end":"Tue, 02 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"8D:E1:DB:0C:6A:1E:A1:35:4C:A9:36:95:EB:81:E2:4F:E3:B4:B0:F4","sha256":"17:C8:21:E9:B5:4D:A2:16:1A:91:DD:6B:E8:57:BB:1B:57:64:E3:89:CA:6F:EB:3B:04:1B:7A:5E:19:36:49:7D"}}},"request":{"raw":"GET /fserver/files/gb/1359/carousel/10016/1753614541450.jpg?wsSecret=92b8d0eea40d02fd956402c577832abe\u0026wsTime=1772577110 HTTP/1.1\r\nHost: pk7k4q.pham.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bb641000.com:8989/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 22:31:54 GMT\r\nContent-Type: image/jpeg\r\nVary: Accept-Encoding\r\nETag: \"688608cd-256cb\"\r\nExpires: Fri, 06 Mar 2026 22:31:54 GMT\r\nAccess-Control-Allow-Origin: *\r\nX-Frame-Options: SAMEORIGIN\r\nX-Cache: MISS\r\nuuid: -\r\nout-line: gb-cdn-212\r\nServer: SLT-MID\r\nLast-Modified: Sun, 27 Jul 2025 11:09:01 GMT\r\nCache-Control: max-age=259200\r\nAge: 0\r\nContent-Length: 153291\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10544267800188592170\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":153291,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 850x211, components 3","md5":"428e8d814b31a144e7edd0b7e347274c","sha1":"39f2f7fe7111ead74129b18ad2a8c33c1c206518","sha256":"a3fc15e470ec5f8250c1bd7a230c423a7cd6121cfd3bf6002ba4e7e9a83e64c8","sha512":"b910fc566d56d68418cbbdb93aee7eb9b4f79e54db86cdab6136cd2243ea521ed4606fb1a1cbc33b74e4f014816380d13eac03b40cc4ba03f70d2692a643027c","ssdeep":"3072:Sq4tOMP5Crogd6kUYzr4yUQNUOmtXjRB8vVx3/li2EqDZZZZZulY0HE:At5zgd6wzrrUttT8Ri2Fuc","tlshash":"71e31264ed5abc024e05e0339a9ab37d5c3a4b72ed47906d862bc8edd0f0a175b1cf91","first_seen":"2025-08-06T11:29:28.16491Z","last_seen":"2026-05-05T00:00:21.138595Z","times_seen":60,"resource_available":false,"data":null}},"time_used":913,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":574,"receive":339,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}