Report - bb654995.com/

Report Overview

Submitted URL
bb654995.com/
IP
20.239.17.84
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-03 23:36:02
Access
public
Website Title
...
Final URL
bb654995.com:8989/
Tags
bet365 gambling phishing
urlquery detections
Phishing - Bet365

Detections

urlquery
45
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bb654995.com	unknown	2023-10-04	2024-01-26	2024-01-26	467 B	248 B	20.239.17.84
	unknown				7.8 kB	747 kB	20.239.17.84
js.users.51.la	53024	2005-01-17	2012-05-30	2024-04-29	402 B	5.5 kB	47.246.44.241
4v2fdj.gaokejd.xyz	unknown	2019-07-19	2023-10-13	2024-02-29	25 kB	1.5 MB	103.198.200.1
ia.51.la	59607	2005-01-17	2017-10-31	2024-05-02	597 B	302 B	203.107.86.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (42)

	URL	Size	First Seen	Last Seen
	bb654995.com:8989/	29 B	2023-03-07	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 20:22:25 Times Seen1886 Hash 9846b4b0c961f85e4c150bd29f4b86e1 adf30369fc215e80b26536f1e24a1824ad3b81d5 163a003d567f6d41f861d978c558eced69ed2b25c863055ed8171eefa350784b Loading...

	bb654995.com:8989/	48 B	2023-03-07	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:18 Times Seen6572 Hash 37f0336a6fe3f56c661b149ecf659efe 9aff4163d5da3b8d760f0593c583dd8d1f6dfc14 f33f7afadc5c318efdd57d35da2dc2aebe39fd166a61905ce37b9f7363f51c2f Loading...

	bb654995.com:8989/	1.1 kB	2024-04-11	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-11 17:47:49 Last Seen2024-05-04 01:36:06 Times Seen230 Hash f430889e57d1f366b5b08cb58a3b8942 439179f3b673eecadb0a551dfa953eaf649be8a8 c950dc3e3086e6f4fe3c32a2464ef623d8cf324b928a0d3818fa7f97f9fb3d11 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js	12 kB	2023-04-05	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:19 Times Seen6577 Hash 466a7ed7d00986d45375c0cbffb5233c 68845ead668e9abd29c24b491dbf97b219226c08 7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/moment.js	117 kB	2023-07-29	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/moment.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 10:21:40 Last Seen2024-05-17 21:06:19 Times Seen9091 Hash 36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33 Loading...

	bb654995.com:8989/	710 B	2023-10-13	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 21:11:26 Last Seen2024-05-04 01:36:06 Times Seen47 Hash 1f4788fec96d0eef9fec974a7b107f73 2933716b01d9c6758146ce9ef72e93e6b1d03df1 ce2ab94403f238f47b2fdca4d6eb8c445653c470cdb01522a96db7196630ab4a Loading...

	bb654995.com:8989/	29 kB	2024-05-01	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 19:24:02 Last Seen2024-05-04 01:36:06 Times Seen6 Hash 3b47ccc2e6b4dbfe4e9d7f7a249fbfe2 3e0433474ead382ed00e10dd333f9681d39d950b cc9182948c6e93169fdb22a11dd22db60d45f36663611fb2e8410888a31f690b Loading...

	bb654995.com:8989/	13 kB	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6577 Hash 109d40ff6f9b3510b169fac4b8e845ce 4ce0fc768718f555487159ddd745e728a0c74c64 7b782f2e9589aa72ddadf4546c0f09709c73bea1339cd0ce893dfc40f6252949 Loading...

	bb654995.com:8989/	11 kB	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6551 Hash 6681856885ee92601b7711c11d19553f 95ab4437869df8c790cad28e0753a4c9ea362e73 ce52fd46b2a5cfd741a2f0c39bc2d5218271b5690bdf8ec33af94f1062e98d23 Loading...

	bb654995.com:8989/	3.6 kB	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6549 Hash d15a9b513acdcf3e9b08901384511565 f1fe72392137895e4952f835c0330f76aacfecdf 9fa644edfd9af9be6b244016e8f4f0eaee414732edc6ba3641e8647253359995 Loading...

	unknown	278 B	2023-04-14	2024-05-17
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 20:29:13 Last Seen2024-05-17 21:06:19 Times Seen5745 Hash cf0aad09d2e7287c48d72501c4ed8cbd 7950b8c00d5a278b662dbccd11af31398a408e51 72512199b29d971b5fe854b1f610604dcbdec2c38666c106f1d15863e0df32db Loading...

	bb654995.com:8989/	31 kB	2024-05-01	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 19:24:02 Last Seen2024-05-04 01:36:06 Times Seen6 Hash 4635758227419ca1099c27efd7eca273 491ba8a521397933904e2b3a12952602452a7f97 1cdc7f69433f232c2d738eadbc0366b5bb64960b376010a9fec86ce7538a19b3 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js	20 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13207 Hash 5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	65 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13419 Hash b5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e Loading...

	bb654995.com:8989/	20 kB	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6545 Hash 9f5bce1aa50f72fd0834901c70db4f43 41771079bee5eb45539e694a5eff580732ab26b0 a50724b65a2657f6e67adbf98a3dd135de52b4786350f0b1bd142adff38c7ffd Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/lazyload.js	12 kB	2023-08-15	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/lazyload.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-05-17 21:06:19 Times Seen4065 Hash d87854586672bff7f886a47da85da5ed 8d0537030dc7a81ade87a41a75fd5a75e4e33da1 17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada Loading...

	bb654995.com:8989/	6 B	2023-03-07	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen7487 Hash edaddb8132e9e0880252c5b6c47bf1c1 dc08b5b6ca432b46cca94f1f297491e1b08736ea b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e Loading...

	4v2fdj.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1713951947790	33 kB	2023-04-05	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1713951947790 IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6679 Hash a55780dc13cbf1a8d375f14ebb659cf2 9548cc269bcde0dc48e166fa6bab37af8a649e57 35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8 Loading...

	js.users.51.la/21020807.js	4.9 kB	2023-05-17	2024-05-04
Pretty URL js.users.51.la/21020807.js IP 47.246.44.241 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 05:31:07 Last Seen2024-05-04 01:36:07 Times Seen166 Hash 7ab31b1f3d40b6f89974d13251b0fe82 fdffc719797a25007a206d30bc95275718c55df9 e5817d86b4ee0af0483d1cc0528c25a472e7c7ab31608106137309a7316c4468 Loading...

	bb654995.com:8989/	1.8 kB	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:19 Times Seen6541 Hash 9f1681b5a72417b33c2869aab85af152 b40a6d9c6d058c2bd6e126a1b0191182926b9d04 eabdfd0c5237f406e0acbef879968e72e5e3d62dd8e8b6bcee48e5ab7f4d0154 Loading...

	bb654995.com:8989/	2.6 kB	2023-11-23	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 15:36:17 Last Seen2024-05-17 21:06:19 Times Seen2239 Hash 9c3f7d9e5de3b764c32a679ad06ae3db 9ab260e36b46c6ca6f58066ee914f3826d86a37f fefe9a763127c0f92edfe95be1000aeed2eda7690482769c90dc9488dbe5d33a Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/gui-base.js	61 kB	2023-08-26	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/gui-base.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 00:19:56 Last Seen2024-05-17 21:06:19 Times Seen3532 Hash e6ce47d880d7a50ddf91b074c8572edf 6a3657c67209136e5b544859daecf16f2d153b72 c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734 Loading...

	bb654995.com:8989/	128 kB	2024-05-01	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 19:24:02 Last Seen2024-05-04 01:36:07 Times Seen6 Hash 0e793332cff674b7ec7957d67ed05058 33bdf89725de8941ecf365cd92c820b728a815e7 613d128660a2ff4a76422fbfc92429f27d42c7220ae0d853377af932d8f13fd4 Loading...

	bb654995.com:8989/	1.4 kB	2023-08-21	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-21 11:10:45 Last Seen2024-05-17 21:06:19 Times Seen3924 Hash 479c01001c455527cf2aafec087accad 230c5d853a00977d890c25cb56b5a07c5e0acd0e 0ad2a7081ff475ce3a2068fe69547248166c0fd39f26fbf03f2ac5db073a16cf Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js	45 kB	2023-08-15	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-05-17 21:06:19 Times Seen8145 Hash f15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js	4.4 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13181 Hash f77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7 Loading...

	bb654995.com:8989/commonPage/lan/i18n.js?t=1714779334.751	1.3 kB	2024-05-04	2024-05-04
Pretty URL bb654995.com:8989/commonPage/lan/i18n.js?t=1714779334.751 IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 01:36:07 Last Seen2024-05-04 01:36:07 Times Seen2 Hash 60069c6963b305a4dd990d709feb717c 8f11c3055f013c20347db57b153278268f3b653e 599cb0365ed724fd56af5af3f73d107776e9f759b7767e28c69e95277991d853 Loading...

	bb654995.com:8989/	3.5 kB	2023-10-24	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 11:42:08 Last Seen2024-05-17 21:06:19 Times Seen3018 Hash 7932637ac9b0a1125acfaeffa837b6af 01107a42cef642f68e70ef30502ecb6c0de6a0d6 f938651bd7efeb3c523dcca3df1c9a0cc63b12f604816c8e49636fda5b1b1c7e Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	96 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:10 Last Seen2024-05-17 21:06:19 Times Seen13814 Hash b091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/float.js	7.0 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/float.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13186 Hash 829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js	17 kB	2023-04-05	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:19 Times Seen6583 Hash 1008fe6a5e1a182d7775963b85405bb2 e174a7b08cc3cb5545af1cd33d2814e604119392 7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js	2.1 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13185 Hash 07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d Loading...

	bb654995.com:8989/	2.0 kB	2023-11-22	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-22 16:18:01 Last Seen2024-05-17 21:06:19 Times Seen2247 Hash dd4934ec50598a49950c57836d268ba9 9830d9f40b0baf411ea1e7b7a4b65675cf35ae04 89e8ae92a48e530a676704a7858edcc65fdd1488e39280ba8da4cb80dc5729d5 Loading...

	bb654995.com:8989/message_zh_CN.js?v=1713951947790	32 kB	2023-12-07	2024-05-17
Pretty URL bb654995.com:8989/message_zh_CN.js?v=1713951947790 IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 04:18:39 Last Seen2024-05-17 21:06:19 Times Seen1834 Hash 879e0d38aaa72a30c1987722f24ef0ff a71947b06e5ff779946d15db8877a103a5432036 fd47dca609ede55de5f51d756c967b63f0d223330e6eef19df0c3659e1bd9a55 Loading...

	4v2fdj.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	15 kB	2023-03-07	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-17 21:06:19 Times Seen13179 Hash 4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9 Loading...

	bb654995.com:8989/	6.0 kB	2023-08-02	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 04:42:13 Last Seen2024-05-17 21:06:19 Times Seen4436 Hash e6ea297058f6d52d83390d9ea7f914aa 349df987c3c4c50687d993b31f83cfea7f796730 2f21ca2376a9112f70c12ecc46d75ff792b067f5edceae5ea06011c13cf14e56 Loading...

	bb654995.com:8989/	390 B	2023-04-05	2024-05-17
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:19 Times Seen6481 Hash 4e6bbb84979a27014e74be230fe8440f aafe0c1dba07e91354abfb25d154c0acbed24d61 03e9af072f4db23c6c6cd74a89c796a3c764731da4734682f3ccfc07e0e54e74 Loading...

	bb654995.com:8989/	4.1 kB	2023-04-19	2024-05-09
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-19 10:42:24 Last Seen2024-05-09 05:37:40 Times Seen192 Hash 8d24a27b56a588bcb83462bf72dfe16a 5a3a122a406ad4445c3b78f44ec4c32b7a13f7a0 56287f4aa127f4034565f096be5459fa251e64215fa4e2c3979e5b7f2399d526 Loading...

	4v2fdj.gaokejd.xyz/ftl/commonPage/js/layer.js	22 kB	2023-04-05	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/ftl/commonPage/js/layer.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:19 Times Seen6566 Hash cb96339625e9d456e32f86cdb3c7a7a1 1301165c58bbb13c542cba493b7ab5774e87e31f 17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919 Loading...

	4v2fdj.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	28 kB	2023-04-05	2024-05-17
Pretty URL 4v2fdj.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-17 21:06:18 Times Seen6567 Hash 9c41709c2b64126b909c101a27f39153 4ab666b36c092577acb41390ad90e96d5fea7711 c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60 Loading...

	bb654995.com:8989/	4.4 kB	2023-04-19	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-19 10:42:24 Last Seen2024-05-04 01:36:07 Times Seen131 Hash dfad0b85340890d759c51064e5e64f49 a9cb1fa0918953b54beda8a5d738fea441d48744 301acadb0c6093aa419cd1ce2f509e052f5e97da0328ff092d09b9dc980f0f9c Loading...

	bb654995.com:8989/	107 kB	2023-04-19	2024-05-04
Pretty URL bb654995.com:8989/ IP 20.239.17.84 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-19 10:42:24 Last Seen2024-05-04 01:36:07 Times Seen130 Hash 8660aed96cd6ce54c5d3957331366c3e 6991ff5972df9f73babd4264922a2363d3deba01 02c87cd56d1bc50132f372ef0c12981f84ac487bcd4415e0e7b4e17623e22694 Loading...

HTTP Transactions (67)

URL IP Response Size

bb654995.com/

20.239.17.84

307 Temporary Redirect

62 B

URL User Request GET HTTP/2
bb654995.com/
IP
20.239.17.84:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
HTML document, ASCII text
Size
62 B (62 bytes)
Hash
13df32337f7457a1dddd9cdc5d2e4a9a
7ec98b15545f90d19d8fbd41026f04075d4c4349
61a8553b6057810a11e3ae6d5d7dbaee5d5c7723f1cb60bd95ebc42e1d8467b3

HTTP Headers

GET / HTTP/1.1
Host: bb654995.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
content-type: text/html; charset=utf-8
location: https://bb654995.com:8989/
content-length: 62
date: Fri, 03 May 2024 23:35:34 GMT
X-Firefox-Spdy: h2

bb654995.com:8989/commonPage/lan/i18n.js?t=1714779334.751

20.239.17.84

200 OK

810 B

URL GET HTTP/2
bb654995.com:8989/commonPage/lan/i18n.js?t=1714779334.751
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
ASCII text, with very long lines (1217)
Size
810 B (810 bytes)
Hash
60069c6963b305a4dd990d709feb717c
8f11c3055f013c20347db57b153278268f3b653e
599cb0365ed724fd56af5af3f73d107776e9f759b7767e28c69e95277991d853

HTTP Headers

GET /commonPage/lan/i18n.js?t=1714779334.751 HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
content-encoding: gzip
content-type: application/javascript; charset=utf-8
date: Fri, 03 May 2024 23:35:35 GMT
out-line: gb-cdn-167
uuid: 01359-01-00000000-171477933578e4
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 810
X-Firefox-Spdy: h2

js.users.51.la/21020807.js

47.246.44.241

200 OK

4.9 kB

URL GET HTTP/1.1
js.users.51.la/21020807.js
IP
47.246.44.241:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://bb654995.com:8989/
Certificate
IssuerGlobalSign nv-sa
Subject*.users.51.la
Fingerprint8E:9F:59:98:28:F2:49:A9:E1:19:45:C2:49:ED:B2:F6:B8:E1:C6:39
ValidityFri, 14 Apr 2023 03:17:41 GMT - Wed, 15 May 2024 03:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (4898), with no line terminators
Size
4.9 kB (4898 bytes)
Hash
7ab31b1f3d40b6f89974d13251b0fe82
fdffc719797a25007a206d30bc95275718c55df9
e5817d86b4ee0af0483d1cc0528c25a472e7c7ab31608106137309a7316c4468

HTTP Headers

GET /21020807.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 03 May 2024 23:35:36 GMT
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Ali-Swift-Global-Savetime: 1714779336
Via: cache4.l2de2[176,175,200-0,M], cache12.l2de2[177,0], ens-cache20.se2[200,199,200-0,M], ens-cache3.se2[200,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 03 May 2024 23:35:36 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9717147793360138694e

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css

103.198.200.1

200 OK

6.3 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Size
6.3 kB (6253 bytes)
Hash
4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"64ad1569-7b6e"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 5f969fd7cef9c0a47325217435e92a41

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-base.css

103.198.200.1

200 OK

17 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (12023)
Size
17 kB (17118 bytes)
Hash
d01c79296c69daae2357744b28ad3a08
6979c86432a04a8cc22818055bd599e10d13892e
03bae6f265bda27347f4697d37ddb03335678cf0a76d5a246ee1b02463294599

HTTP Headers

GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17118
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"661623eb-14596"
Date: Tue, 16 Apr 2024 10:12:20 GMT
Last-Modified: Wed, 10 Apr 2024 05:30:19 GMT
Expires: Thu, 16 May 2024 10:12:20 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-206
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 0a51d3bdefcf2ec6ba2f69528c0c3886

4v2fdj.gaokejd.xyz/ftl/commonPage/js/float.js

103.198.200.1

200 OK

1.9 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/float.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.9 kB (1929 bytes)
Hash
829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"612747ba-1b2f"
Date: Tue, 16 Apr 2024 10:12:20 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Thu, 16 May 2024 10:12:20 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: ddd53ea3b4db93d4b6820b324f2bfa62

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/style/common.css

103.198.200.1

200 OK

13 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/style/common.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (1682)
Size
13 kB (13048 bytes)
Hash
ddf4ad28b970605bf97edab93905f285
ef11c23463956063829eb3e7a76fa9cb847174d8
2263562b60ca36beb896adb13859185b52f7c39430eb11ef13941237faa957b7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/style/common.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 13048
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"61b94b15-d023"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Wed, 15 Dec 2021 01:55:33 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: c7c7822eba0786388f47887b268e9d22

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/style/bootstrap-dialog.min.css

103.198.200.1

200 OK

630 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/style/bootstrap-dialog.min.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
630 B (630 bytes)
Hash
304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"61555134-adc"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Thu, 30 Sep 2021 05:55:00 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 7de4d450bdf87dfc3c5b94c29057aae7

4v2fdj.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32034)
Size
12 kB (11957 bytes)
Hash
f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27

HTTP Headers

GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"64d5b951-b083"
Date: Tue, 16 Apr 2024 10:12:20 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Thu, 16 May 2024 10:12:20 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 5de49591e82aac412889e23ebebe0644

4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js

103.198.200.1

200 OK

4.0 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
4.0 kB (4031 bytes)
Hash
4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"60f60fb5-43bc"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 9acd09f18634fb1baee73733782a9a55

4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js

103.198.200.1

200 OK

797 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text
Size
797 B (797 bytes)
Hash
07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"6260ddd4-828"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 30326532a477f867dda475402b615fd3

4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js

103.198.200.1

200 OK

3.3 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
3.3 kB (3316 bytes)
Hash
3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"6260ddd4-2f13"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 6fb06ac89a2847d060860fe63be61c13

4v2fdj.gaokejd.xyz/ftl/commonPage/js/lazyload.js

103.198.200.1

200 OK

2.7 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
2.7 kB (2731 bytes)
Hash
58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4

HTTP Headers

GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64d05f66-2f79"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516994
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: d984726f2f2ca3499b53344b0cb95217

4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js

103.198.200.1

200 OK

34 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
34 kB (33545 bytes)
Hash
b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-176d4"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516994
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 911b2825e10f63d90e8d4084c5c1953c

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/hongbao.css

103.155.16.137

200 OK

5.7 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (336)
Size
5.7 kB (5666 bytes)
Hash
499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"64252e4f-d530"
Date: Tue, 16 Apr 2024 10:37:40 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Thu, 16 May 2024 10:37:40 GMT
Age: 1515476
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 26a1879795c25ee6a817d82b27595835

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css

103.155.16.137

200 OK

6.9 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (489)
Size
6.9 kB (6923 bytes)
Hash
858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf

HTTP Headers

GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"64ddd5e1-c760"
Date: Tue, 16 Apr 2024 10:37:40 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Thu, 16 May 2024 10:37:40 GMT
Age: 1515477
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: 52bd9e92f1483ddc3ae603323db30387

4v2fdj.gaokejd.xyz/ftl/commonPage/js/gui-base.js

103.198.200.1

200 OK

16 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11056)
Size
16 kB (15779 bytes)
Hash
4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0

HTTP Headers

GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64ddbaed-ee5c"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 614379e173b752765876007845d85756

4v2fdj.gaokejd.xyz/ftl/commonPage/js/layer.js

103.198.200.1

200 OK

7.6 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/layer.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21922)
Size
7.6 kB (7599 bytes)
Hash
c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-55f6"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: f34491a703e796b5df9f2a85d0d2c250

4v2fdj.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js

103.198.200.1

200 OK

5.0 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (20132), with no line terminators
Size
5.0 kB (5007 bytes)
Hash
5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-4ea4"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 619e07b3e89f1d62437a84293dc15075

4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js

103.198.200.1

200 OK

1.4 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (4433), with no line terminators
Size
1.4 kB (1421 bytes)
Hash
f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-1151"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 7ae1d197e5de8c12297cc7c826db8358

4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js

103.155.16.137

200 OK

17 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (64577)
Size
17 kB (17446 bytes)
Hash
b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: W/"5d848f4f-fc8b"
Date: Tue, 16 Apr 2024 10:37:42 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:37:42 GMT
Age: 1515475
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-02
X-Cdn-Request-ID: ed2431feabd3554f13da1cd25db30110

4v2fdj.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js

103.155.16.137

200 OK

7.7 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27669)
Size
7.7 kB (7746 bytes)
Hash
f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"655579ca-6caf"
Date: Mon, 15 Apr 2024 10:42:41 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Wed, 15 May 2024 10:42:41 GMT
Age: 1601576
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: aead798a7ba4888cadd8071d02a07519

4v2fdj.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js

103.198.200.1

200 OK

4.1 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Size
4.1 kB (4126 bytes)
Hash
4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"655579ca-3a09"
Date: Fri, 12 Apr 2024 07:04:38 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Sun, 12 May 2024 07:04:38 GMT
Age: 1873859
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 4ef223208b165b5f549113fff3903d8b

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css

103.198.200.1

200 OK

911 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
911 B (911 bytes)
Hash
1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"5d848f4f-b5d"
Date: Tue, 16 Apr 2024 10:12:21 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:21 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 1aa17aeb4b1cb60534d354f33b6f5b50

4v2fdj.gaokejd.xyz/ftl/commonPage/js/moment.js

103.198.200.1

200 OK

27 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/moment.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
27 kB (26968 bytes)
Hash
36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33

HTTP Headers

GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"64b633ca-1cab9"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 001bc5e820f32ff60caa049f1d61ad4f

4v2fdj.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1713951947790

103.198.200.1

200 OK

5.2 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1713951947790
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (801)
Size
5.2 kB (5207 bytes)
Hash
30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1713951947790 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"633d510e-7fd7"
Date: Fri, 12 Apr 2024 07:02:17 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sun, 12 May 2024 07:02:17 GMT
Age: 1874000
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 76ff261f8769b303b74c6f052c78d29a

4v2fdj.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0

103.198.200.1

200 OK

3.1 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
3.1 kB (3111 bytes)
Hash
5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6131d862-48e4"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516995
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 6cf2915fc1c63f7eff3631047809c57e

4v2fdj.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css

103.155.16.137

200 OK

3.8 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (2295)
Size
3.8 kB (3788 bytes)
Hash
f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"633d510e-2d52"
Date: Tue, 30 Apr 2024 13:57:08 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 30 May 2024 13:57:08 GMT
Age: 293909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: f533ab8f63fdbe0a7a9c993c733b9160

bb654995.com:8989/mobile-api/v5/origin/getFloat.html

20.239.17.84

200 OK

106 B

URL POST HTTP/2
bb654995.com:8989/mobile-api/v5/origin/getFloat.html
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
106 B (106 bytes)
Hash
18da76ef30828950957abc98b28e7327
dc5c652bbb18e3bf5d2f14776ce2e10710e0decb
45c7e7ed630f2a5c7a48a85a78bf558f3a831d66085669a7953dfb0ea646fa54

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://bb654995.com:8989
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
access-control-allow-methods: *
access-control-allow-origin: https://bb654995.com:8989
access-control-max-age: 3600
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html;charset=utf-8
date: Fri, 03 May 2024 23:35:38 GMT
out-line: gb-cdn-167
set-cookie: route=66776b881a59021b52807ef9298664ac; Path=/
sub-sys: mobile
uuid: 01359-01-00000000-17147793381663
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 106
X-Firefox-Spdy: h2

4v2fdj.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg

103.198.200.1

200 OK

6.9 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3
Size
6.9 kB (6871 bytes)
Hash
99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d848f4f-1ad7"
Date: Tue, 16 Apr 2024 10:12:22 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:12:22 GMT
Age: 1516996
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 94448ce275f3f13ddc4ca21c5135ae74

bb654995.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=

20.239.17.84

200 OK

902 B

URL GET HTTP/2
bb654995.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
902 B (902 bytes)
Hash
2c5a3d02fe2b86c12c8445b834107286
a82fbe5a62e6e61ef6b9fd78b78ba4e9f28562fd
2fa87ff6d0c04a447dd5b82566385966c2e6a2d55fce00ee2c2c4a11cad08748

HTTP Headers

GET /index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-disposition: inline;filename=f.txt
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 23:35:38 GMT
out-line: gb-cdn-167
set-cookie: route=29c626d4e884fe4301eb6b56b4d56981; Path=/
sub-sys: msite
uuid: 01359-01-00000000-1714779338e88b
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 902
X-Firefox-Spdy: h2

bb654995.com:8989/index/getUserTimeZoneDate.html?t=lvrbcdq6

20.239.17.84

200 OK

100 B

URL GET HTTP/2
bb654995.com:8989/index/getUserTimeZoneDate.html?t=lvrbcdq6
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
100 B (100 bytes)
Hash
778f964434edfa4171d81dc0ccb775c6
a5a23add9fc351128c9f3995f050a5c98a518388
979184916ca11ad8c5cdabe44d7dc1d9f53cb178b8166140e3ba01bc24486fc8

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lvrbcdq6 HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cachettl: 3
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 23:35:38 GMT
out-line: gb-cdn-167
sub-sys: msite
uuid: 01359-01-00000000-1714779338ed56
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 100
X-Firefox-Spdy: h2

bb654995.com:8989/headerInfo.html?t=lvrbcdxq

20.239.17.84

200 OK

117 B

URL GET HTTP/2
bb654995.com:8989/headerInfo.html?t=lvrbcdxq
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
117 B (117 bytes)
Hash
9341574380651dda0019344751f7f950
388bae3df68ef5fd074c3603c6b36cfed8afb93e
6ef914354d2c9a59717c256606cfbae35673910a1fad50e34c3f82c32d942967

HTTP Headers

GET /headerInfo.html?t=lvrbcdxq HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-disposition: inline;filename=f.txt
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 23:35:39 GMT
out-line: gb-cdn-167
sub-sys: msite
uuid: 01359-01-00000000-1714779339d8a6
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 117
X-Firefox-Spdy: h2

bb654995.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign

20.239.17.84

200 OK

104 B

URL GET HTTP/2
bb654995.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
104 B (104 bytes)
Hash
61d6e435e18e1e92ba599e851618d1ba
163826036880ee85449ea0e85757f67d6a1a8352
f503b97e4889c00a9fa0522c8b9ffb2f8dcfe6c4a1249340c0b0ab8e58240e04

HTTP Headers

GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
access-control-allow-methods: *
access-control-max-age: 3600
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html;charset=utf-8
date: Fri, 03 May 2024 23:35:39 GMT
out-line: gb-cdn-167
set-cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
sub-sys: mobile
uuid: 01359-01-00000000-17147793390e66
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 104
X-Firefox-Spdy: h2

bb654995.com:8989/captcha/loginTop.html?t=lvrbce5f

20.239.17.84

200 OK

1.2 kB

URL GET HTTP/2
bb654995.com:8989/captcha/loginTop.html?t=lvrbce5f
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x40, components 3
Size
1.2 kB (1152 bytes)
Hash
148bf9e3d1b2b2d76d72b92d811eb369
4f3ca938ec4e8c1c4b671e3b998ea068e9083630
aca1fd45d55550c73822fb005083eab8bb3ee29af963a881920528cc7c5775a5

HTTP Headers

GET /captcha/loginTop.html?t=lvrbce5f HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 03 May 2024 23:35:39 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
out-line: gb-cdn-167
pragma: no-cache
set-cookie: SID=Y71/gtc+IYuOC5AMCgAwCrhZNwKOMXsedPkU9+zTehix+p3602Er0XLvAclH7+aX5nxCfuXNTnkhkGmmnN4seXdiomEaG48rxOD6cTv4LvglIqNVTVE=; Domain=.bb654995.com; Path=/; HttpOnly
sub-sys: msite
tempsid: Y71/gtc+IYuOC5AMCgAwCrhZNwKOMXsedPkU9+zTehix+p3602Er0XLvAclH7+aX5nxCfuXNTnkhkGmmnN4seXdiomEaG48rxOD6cTv4LvglIqNVTVE=
uuid: 01359-01-00000000-1714779339492e
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 1152
X-Firefox-Spdy: h2

bb654995.com:8989/mobile-api/v5/origin/loginSwitchCheck.html

20.239.17.84

200 OK

100 B

URL GET HTTP/2
bb654995.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
100 B (100 bytes)
Hash
fd35a3411a4e42611886a9fe13bf3536
b600fd1c3a5d8ddb84fceaac27089c3134b514da
bf97accf9ae0af7dd79f1aaf9e4d0a08e079e88704a776c89f242480e9022865

HTTP Headers

GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
access-control-allow-methods: *
access-control-max-age: 3600
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html;charset=utf-8
date: Fri, 03 May 2024 23:35:39 GMT
out-line: gb-cdn-167
set-cookie: route=181dd5ae39c7acd81ad5ca039c14a954; Path=/
sub-sys: mobile
uuid: 01359-01-00000000-171477933902e7
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 100
X-Firefox-Spdy: h2

bb654995.com:8989/index/getUserTimeZoneDate.html?t=lvrbce8i

20.239.17.84

200 OK

99 B

URL GET HTTP/2
bb654995.com:8989/index/getUserTimeZoneDate.html?t=lvrbce8i
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
99 B (99 bytes)
Hash
a0e0fadb5b52f006821749c8554539fb
001ff7dc9d1af8e973c49a680a44cbb00adce9ce
d9f5b7dc064964725f8787a14b0407369d355cb02c8e1a204ab52dec21c556e0

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lvrbce8i HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=29c626d4e884fe4301eb6b56b4d56981; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cachettl: 3
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 23:35:39 GMT
out-line: gb-cdn-167
sub-sys: msite
uuid: 01359-01-00000000-1714779339f4c6
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 99
X-Firefox-Spdy: h2

bb654995.com:8989/mobile-api/v5/origin/getThirdParam.html

20.239.17.84

200 OK

74 B

URL GET HTTP/2
bb654995.com:8989/mobile-api/v5/origin/getThirdParam.html
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type
JSON text data
Size
74 B (74 bytes)
Hash
fac6ab3260d2e6bc56c9325f53be686b
f2e37dee0780449943e4f1d04031531fa00a1bcd
3e2bbee2fbffb2a20ff47141ca28039a92b3ceddf964dc1d6f7a800a9e2fd6d9

HTTP Headers

GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Cookie: sticket=RFdU9UQXVOREl1TVR; route=181dd5ae39c7acd81ad5ca039c14a954; __tins__21020807=%7B%22sid%22%3A%201714779338581%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201714781138581%7D; __51cke__=; __51laig__=1; SID=Y71/gtc+IYuOC5AMCgAwCrhZNwKOMXsedPkU9+zTehix+p3602Er0XLvAclH7+aX5nxCfuXNTnkhkGmmnN4seXdiomEaG48rxOD6cTv4LvglIqNVTVE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
access-control-allow-methods: *
access-control-max-age: 3600
content-disposition: inline;filename=f.txt
content-encoding: br
content-type: text/html;charset=utf-8
date: Fri, 03 May 2024 23:35:39 GMT
out-line: gb-cdn-167
sub-sys: mobile
uuid: 01359-01-00000000-17147793396918
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-length: 74
X-Firefox-Spdy: h2

4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/logo.svg?wsSecret=ca1fc807fce122015b99a586dcbfd2c6&wsTime=1714779338

103.198.200.1

200 OK

3.0 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/logo.svg?wsSecret=ca1fc807fce122015b99a586dcbfd2c6&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
SVG Scalable Vector Graphics image
Size
3.0 kB (3032 bytes)
Hash
de19000e3dff9d3a775668ae7e849a0f
a775c6cad039b8016263db1d9ac92379296ba174
e86e3afd834a8412cae16da4bbeb2b04eea33a3ab4d7508a26d3063157c76212

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/images/logo.svg?wsSecret=ca1fc807fce122015b99a586dcbfd2c6&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Content-Length: 3032
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-bd8"
Date: Tue, 16 Apr 2024 10:33:20 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:33:20 GMT
Age: 1515739
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: c1c7e62a18deedda93617b711cf6099a

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png

103.155.16.137

200 OK

1.3 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1321 bytes)
Hash
a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://4v2fdj.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: "5d848f4f-529"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: f8078033193cda316c14ea40bb6b1733

4v2fdj.gaokejd.xyz/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf

103.198.200.1

200 OK

422 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Size
422 kB (422364 bytes)
Hash
e107469ba07f37a8825e8bd660beade8
13eccefb6250f6e5bb149f835e88b55c44fa07f1
cad7e549ef2e5fda70e63870c4f0d9ca27fdbd2813e1229dd07bdbe271c615a1

HTTP Headers

GET /ftl/commonPage/themes/fonts/gui-fonts/gui.ttf HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bb654995.com:8989
DNT: 1
Connection: keep-alive
Referer: https://4v2fdj.gaokejd.xyz/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 422364
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "661623eb-671dc"
Date: Tue, 16 Apr 2024 10:16:12 GMT
Last-Modified: Wed, 10 Apr 2024 05:30:19 GMT
Expires: Thu, 16 May 2024 10:16:12 GMT
Age: 1516766
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: bd24e106baeb04a4edebdb5f4a187ba0

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/body-bg.gif?wsSecret=a930195fa7c65f564e427969188ee056&wsTime=1714779338

103.198.200.1

200 OK

758 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/body-bg.gif?wsSecret=a930195fa7c65f564e427969188ee056&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 1 x 500
Size
758 B (758 bytes)
Hash
41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/body-bg.gif?wsSecret=a930195fa7c65f564e427969188ee056&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a8-2f6"
Date: Tue, 16 Apr 2024 10:36:36 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:36 GMT
Age: 1515543
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 02a7e18a58946acd525c44f8f5952879

4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-game.jpg?wsSecret=dacf711810148a135952163fac5f016b&wsTime=1714779338

103.155.16.137

200 OK

32 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-game.jpg?wsSecret=dacf711810148a135952163fac5f016b&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], progressive, precision 8, 270x81, components 3
Size
32 kB (32135 bytes)
Hash
3952e090ab928f5bc36747b275645f3c
37d155d25da1ece2eaa2adc5de9bccb2a524985b
dbddab3a290b16fc7b43e0a1093ffdec6a2ff91c104f9eff21df181a5336118c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/images/index-game.jpg?wsSecret=dacf711810148a135952163fac5f016b&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 32135
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "613c72a8-7d87"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 668d879e273530bcdbbc504802fbde1c

4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-chess.jpg?wsSecret=122662d4b6676a4ffcd39d66e35a9b33&wsTime=1714779338

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-chess.jpg?wsSecret=122662d4b6676a4ffcd39d66e35a9b33&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3
Size
12 kB (11922 bytes)
Hash
ed93aae29ca896964a86103b00f80f99
1880c553dc77b4effbb5d28ad72f93de1e550ec5
496f6b90ab41e0578054f60089032a0483247165dce969a83d70f4842496608a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/images/index-chess.jpg?wsSecret=122662d4b6676a4ffcd39d66e35a9b33&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11922
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-2e92"
Date: Tue, 16 Apr 2024 10:36:35 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:35 GMT
Age: 1515544
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 8eeb2b6fb64bb006dcebcc8003bb5e20

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/sec-nav-bg-grad.gif?wsSecret=051c7bb71555d8f8208653e650881cec&wsTime=1714779338

103.155.16.137

200 OK

376 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/sec-nav-bg-grad.gif?wsSecret=051c7bb71555d8f8208653e650881cec&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 1 x 594
Size
376 B (376 bytes)
Hash
355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/sec-nav-bg-grad.gif?wsSecret=051c7bb71555d8f8208653e650881cec&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "613c72a8-178"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: e743a03f81bcb7cb634c2537d2635843

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/sports-infos-bg.png?wsSecret=1a8513a629794800349cb33b41d4698e&wsTime=1714779338

103.155.16.137

200 OK

4.3 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/sports-infos-bg.png?wsSecret=1a8513a629794800349cb33b41d4698e&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced
Size
4.3 kB (4311 bytes)
Hash
69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/sports-infos-bg.png?wsSecret=1a8513a629794800349cb33b41d4698e&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "613c72a8-10d7"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 51db6b6f8893152071bbdd13e477ef58

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/play.png?wsSecret=c81b7fb57ab544159f5d4ab5225aeaa4&wsTime=1714779338

103.155.16.137

200 OK

260 B

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/play.png?wsSecret=c81b7fb57ab544159f5d4ab5225aeaa4&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 10 x 14, 8-bit colormap, non-interlaced
Size
260 B (260 bytes)
Hash
e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/play.png?wsSecret=c81b7fb57ab544159f5d4ab5225aeaa4&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "617a3a4e-104"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Thu, 28 Oct 2021 05:51:10 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: a477c6a1b38ea3c074dfc390ce21313f

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/bg-products.gif?wsSecret=ee841d03d9d62618b4824403ca4affb8&wsTime=1714779338

103.155.16.137

200 OK

21 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/bg-products.gif?wsSecret=ee841d03d9d62618b4824403ca4affb8&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 271 x 302
Size
21 kB (21028 bytes)
Hash
e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/bg-products.gif?wsSecret=ee841d03d9d62618b4824403ca4affb8&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "613c72a8-5224"
Date: Sat, 20 Apr 2024 04:19:08 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:08 GMT
Age: 1192590
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: a35023c05251aa952ded48c01f3ea293

4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-casino.jpg?wsSecret=ff7155c3985957373de0a39254dd2e55&wsTime=1714779338

103.198.200.1

200 OK

39 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/images/index-casino.jpg?wsSecret=ff7155c3985957373de0a39254dd2e55&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], baseline, precision 8, 270x81, components 3
Size
39 kB (39271 bytes)
Hash
abf180088cd18dbb8b8a87e947aa4285
b511424b6a88d4faf129e526340ac617caaeb11a
b136864ffef1cf1bca9a4106031e7f247fb62bb717db1a495c96c7d8b5b77da3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/images/index-casino.jpg?wsSecret=ff7155c3985957373de0a39254dd2e55&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 39271
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "613c72a8-9967"
Date: Tue, 16 Apr 2024 10:36:36 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:36 GMT
Age: 1515543
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 81411efc9e224c92b3d0c76d36be475e

4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10023/1705221072695.jpg?wsSecret=0e0d1242324bdbd07ac7a8729f02ac3f&wsTime=1714779338

103.198.200.1

200 OK

202 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10023/1705221072695.jpg?wsSecret=0e0d1242324bdbd07ac7a8729f02ac3f&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 850x214, components 3
Size
202 kB (202178 bytes)
Hash
bcb73934186e54a4b3460679802eef78
142ce5339eccb058ee6245bf98f6932256c72527
69181e307e1c09dc196189af31c586d806d750f570f3deeb3a16e731021b3017

HTTP Headers

GET /fserver/files/gb/1359/carousel/10023/1705221072695.jpg?wsSecret=0e0d1242324bdbd07ac7a8729f02ac3f&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 202178
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "65a39bd0-315c2"
Date: Sat, 13 Apr 2024 09:26:25 GMT
Last-Modified: Sun, 14 Jan 2024 08:31:12 GMT
Expires: Mon, 13 May 2024 09:26:25 GMT
Age: 1778954
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 708061e80fd9b28f36b1ddb791a37d09

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-title.png?wsSecret=3486bd0c946e693d8d328b81db01e3c8&wsTime=1714779338

103.155.16.137

200 OK

14 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-title.png?wsSecret=3486bd0c946e693d8d328b81db01e3c8&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced
Size
14 kB (14017 bytes)
Hash
a9bc5bbecc55ef7980fc3cfd6c338657
7bddde2e742e74809dd2462c9e12f5748f4f22e6
968753c19b6dcbfd000fdfc85ab7a54aea63164a51f993583683e7eb6ec7a82b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-l-title.png?wsSecret=3486bd0c946e693d8d328b81db01e3c8&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14017
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: "613c72a8-36c1"
Date: Sat, 20 Apr 2024 04:19:06 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:06 GMT
Age: 1192593
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: e7d9961823d6701d5b06644afff0596b

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdaobg.png?wsSecret=3e6836ee84b524859f1541a96bc5ec7e&wsTime=1714779338

103.155.16.137

200 OK

23 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdaobg.png?wsSecret=3e6836ee84b524859f1541a96bc5ec7e&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 175 x 369, 8-bit/color RGBA, interlaced
Size
23 kB (23052 bytes)
Hash
f27cb3aa610d5d073308ee4066a3a726
62504a85e14b7ec505899645378a9abf9f3f6954
0e2e11002eb67d3b6eec134eecfec90b787ed55a128b7e5adc159da22b2a252f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdaobg.png?wsSecret=3e6836ee84b524859f1541a96bc5ec7e&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 23052
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "613c72a8-5a0c"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-05
X-Cdn-Request-ID: 7c58276f95f657552a5f645394dfdf04

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-title.png?wsSecret=52e7f968c48a5335c820c71c6bed64d0&wsTime=1714779338

103.155.16.137

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-title.png?wsSecret=52e7f968c48a5335c820c71c6bed64d0&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced
Size
12 kB (11961 bytes)
Hash
d19d26603d7bc87f4ba30563933485fa
0c7b22b5556d0c46b38beca88746d56328c130a3
cb9ffb5ca1354d23da49d7a184c1ad12cce4013edb703bbf7e7c719484e0d82d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-r-title.png?wsSecret=52e7f968c48a5335c820c71c6bed64d0&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11961
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "613c72a8-2eb9"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192592
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 4ecb409dfdccbae38f04926f30cf8baa

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-1.png?wsSecret=1ec64f300f682595e3331a5428c70073&wsTime=1714779338

103.198.200.1

200 OK

9.4 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-1.png?wsSecret=1ec64f300f682595e3331a5428c70073&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 51, 8-bit/color RGB, non-interlaced
Size
9.4 kB (9427 bytes)
Hash
f3427cdef3e73f6a410bb3caaa15e5bf
87aee39268e60a3f9bef90e3629213e00c4ca3b1
9c8946d53d9bd3e9057491cc4e9ec38d1e0c06a15a8d350f9ee15738afc45b19

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-l-1.png?wsSecret=1ec64f300f682595e3331a5428c70073&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9427
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "613c72a8-24d3"
Date: Tue, 16 Apr 2024 10:36:37 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:37 GMT
Age: 1515543
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: 60f19e8716e50e11bf2efeebdb374141

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-2.png?wsSecret=5ea9b1a2d459922dac50861b6a7abae3&wsTime=1714779338

103.198.200.1

200 OK

13 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-2.png?wsSecret=5ea9b1a2d459922dac50861b6a7abae3&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
13 kB (13091 bytes)
Hash
75441b34f2b090890fb8271d36703609
9e2ecd7b86efc2ec2dd1a899344d7bb2e0a733f3
04fe7cf05d017591f89db653cd7b0326f1c4d81d578529c50791343d460169f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-l-2.png?wsSecret=5ea9b1a2d459922dac50861b6a7abae3&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 13091
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "613c72a8-3323"
Date: Tue, 16 Apr 2024 10:36:36 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:36 GMT
Age: 1515544
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 4755259eedde2921f2dda05f88563775

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-3.png?wsSecret=35563132375a7708eb3fa06f9b4b2bee&wsTime=1714779338

103.155.16.137

200 OK

13 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-3.png?wsSecret=35563132375a7708eb3fa06f9b4b2bee&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
13 kB (12576 bytes)
Hash
2d59ff3b03c35665687729fb98ed5478
c4c4b17fbfb5849c5c95f063b87b6bf322a1b5ea
32f2a358d3f2a798ddf394ac652c3998349c366dd467df5234071c0548398770

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-l-3.png?wsSecret=35563132375a7708eb3fa06f9b4b2bee&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12576
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "613c72a8-3120"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192593
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: a34a2183770eb1680dc774af18addd90

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-4.png?wsSecret=2c679afeeccbaaea5db73fbded85bf6e&wsTime=1714779338

103.155.16.137

200 OK

14 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-l-4.png?wsSecret=2c679afeeccbaaea5db73fbded85bf6e&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 70, 8-bit/color RGB, non-interlaced
Size
14 kB (14157 bytes)
Hash
408a47dbec9333221ee9937cf6513a0c
b87f2425f70c7d0f8af2c41a0d3db5b4ef96a146
a359740e674cfee1c6697c6cf4b6e1cc86de89d856d5601652aa5ce7c4b48203

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-l-4.png?wsSecret=2c679afeeccbaaea5db73fbded85bf6e&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14157
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "613c72a8-374d"
Date: Sat, 20 Apr 2024 04:19:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:09 GMT
Age: 1192590
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 102ff8f95f667aaad9c5e717b9eb6bcf

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-1.png?wsSecret=7d77dc384998de036333cac8878c946a&wsTime=1714779338

103.155.16.137

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-1.png?wsSecret=7d77dc384998de036333cac8878c946a&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12290 bytes)
Hash
e2385d2a0d7c043e90ec1e1e3bf6a1e4
1be4ba4215520c1e884c27991984e185e2848283
c578480a5ddbede9c417bd3e3a85d752b13d61e4e8127e4d1868b708807b562e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-r-1.png?wsSecret=7d77dc384998de036333cac8878c946a&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12290
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "613c72a8-3002"
Date: Sat, 20 Apr 2024 04:19:07 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:07 GMT
Age: 1192593
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-206
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: ed5fd36423c03478b0f038ba219101a6

4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10025/1706849124013.jpg?wsSecret=887268f280920017b53c76c62f93aa8e&wsTime=1714779338

103.198.200.1

200 OK

312 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10025/1706849124013.jpg?wsSecret=887268f280920017b53c76c62f93aa8e&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=540, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=700], progressive, precision 8, 700x460, components 3
Size
312 kB (312341 bytes)
Hash
dd23d4dc26253573190c276dc00fcfec
b83403d7c2d3f50b58f180f95f37a572122db713
8f4185d3d535b9a1c214e369e6e4bed31db580d5b9abf81383722210d2a64a6d

HTTP Headers

GET /fserver/files/gb/1359/carousel/10025/1706849124013.jpg?wsSecret=887268f280920017b53c76c62f93aa8e&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 312341
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "65bc7364-4c415"
Date: Thu, 02 May 2024 06:25:08 GMT
Last-Modified: Fri, 02 Feb 2024 04:45:24 GMT
Expires: Sat, 01 Jun 2024 06:25:08 GMT
Age: 148230
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 7b0ab61afe899b375e2a730ed3821e62

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-2.png?wsSecret=dd6f53fa529bdb56539defd9d5190464&wsTime=1714779338

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-2.png?wsSecret=dd6f53fa529bdb56539defd9d5190464&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12401 bytes)
Hash
b5c72992b0327b36f67ba1f1ddcc9709
4260a70304e373ad0c9dc8945459d132b5ebe38d
90fd92cbe288eeef841ebbb0760c2b041aee0196b4b9a1ad4d47cd3cb344a760

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-r-2.png?wsSecret=dd6f53fa529bdb56539defd9d5190464&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12401
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-3071"
Date: Tue, 16 Apr 2024 10:36:37 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:37 GMT
Age: 1515543
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 4460d52f3a26b7d0f2d0be85d7ce15d4

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-3.png?wsSecret=5c46862906bb3f1053bd1545bce3212d&wsTime=1714779338

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-3.png?wsSecret=5c46862906bb3f1053bd1545bce3212d&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12367 bytes)
Hash
98567b2a6024c4e690574cc2f4d8a91f
c75986b57ba3fd98791a1cee632184a2c5a99d0b
2eaddbbc263065a1ab9a7f46309cb8a2f39875a06aef11da4409203216c83834

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-r-3.png?wsSecret=5c46862906bb3f1053bd1545bce3212d&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12367
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "613c72a8-304f"
Date: Tue, 16 Apr 2024 10:36:37 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Thu, 16 May 2024 10:36:37 GMT
Age: 1515543
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 321837e2270c1f38973e245af1ac0d38

4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-4.png?wsSecret=cf5a87af39a19fbc3d62e63fc3ba91a1&wsTime=1714779338

103.155.16.137

200 OK

15 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/bet365-1359/themes/images/rdao-r-4.png?wsSecret=cf5a87af39a19fbc3d62e63fc3ba91a1&wsTime=1714779338
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 147 x 53, 8-bit/color RGB, non-interlaced
Size
15 kB (14626 bytes)
Hash
113d3f2af50abaadad7df566c6c82d22
9ac7ddf5cd311e88709d29b3a69bf209c5ca1e51
a1a9bff1875165cafe5c41941486db0a6b12028b63e6738d1f79980cb2408caf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-1359/themes/images/rdao-r-4.png?wsSecret=cf5a87af39a19fbc3d62e63fc3ba91a1&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14626
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "613c72a8-3922"
Date: Sat, 20 Apr 2024 04:19:06 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Mon, 20 May 2024 04:19:06 GMT
Age: 1192593
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-18
X-Cdn-Request-ID: d078cbff7c12d7993d1b3e33669242d9

4v2fdj.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_1359.png?wsSecret=889fc44c3711ea3425062299ea0a2ab7&wsTime=1714779338

103.198.200.1

200 OK

2.6 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_1359.png?wsSecret=889fc44c3711ea3425062299ea0a2ab7&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Size
2.6 kB (2556 bytes)
Hash
c17d01def3d99c16179f81f432c5c524
a2e24bf86f2f7567f138fc8dbc22e26faa933a49
46c3b7a56ba9aee50d352dd833f532668ed2d6198562c7cfef856c0da50ea7d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/images/favicon/favicon_1359.png?wsSecret=889fc44c3711ea3425062299ea0a2ab7&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2556
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6311d300-9fc"
Date: Tue, 16 Apr 2024 10:33:20 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Thu, 16 May 2024 10:33:20 GMT
Age: 1515740
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 4197324ae5962f73893daa833fed5cd0

4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10004/1598244810609.jpg?wsSecret=d1579ce8036354b548475d323890a694&wsTime=1714779338

103.198.200.1

200 OK

85 kB

URL GET HTTP/1.1
4v2fdj.gaokejd.xyz/fserver/files/gb/1359/carousel/10004/1598244810609.jpg?wsSecret=d1579ce8036354b548475d323890a694&wsTime=1714779338
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://bb654995.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 850x211, components 3
Size
85 kB (85100 bytes)
Hash
78ea7d9f33f0d9259c53d2cd9e43444f
ea38c4597bd8b3eca52609f7650ec7549a2c2a23
a4b5618d092c697388e81f1cfb31dc0a4bdd6a819ba2f4765b4d02292e657b8c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/1359/carousel/10004/1598244810609.jpg?wsSecret=d1579ce8036354b548475d323890a694&wsTime=1714779338 HTTP/1.1
Host: 4v2fdj.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 85100
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6362ce47-14c6c"
Date: Fri, 12 Apr 2024 09:04:09 GMT
Last-Modified: Wed, 02 Nov 2022 20:08:39 GMT
Expires: Sun, 12 May 2024 09:04:09 GMT
Age: 1866692
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 1f10754e670f5dec302adb97d4125b86

ia.51.la/go1?id=21020807&rt=1714779338581&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1714779338581&tt=...&kw=&cu=https%253A%252F%252Fbb654995.com%253A8989%252F&pu=

203.107.86.226

200

0 B

URL GET HTTP/1.1
ia.51.la/go1?id=21020807&rt=1714779338581&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1714779338581&tt=...&kw=&cu=https%253A%252F%252Fbb654995.com%253A8989%252F&pu=
IP
203.107.86.226:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://bb654995.com:8989/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go1?id=21020807&rt=1714779338581&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1714779338581&tt=...&kw=&cu=https%253A%252F%252Fbb654995.com%253A8989%252F&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Fri, 03 May 2024 23:35:45 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=184d695015dda68ed94e1c2151fc5cce13ec7bc63b4b3a95d32e758c6e111e77; Path=/; HttpOnly
acw_tc=ac11000117147793396434394e8d999021a3af4182d66980bf763b438c1c26;path=/;HttpOnly;Max-Age=1800

bb654995.com:8989/message_zh_CN.js?v=1713951947790

20.239.17.84

200 OK

33 kB

URL GET HTTP/2
bb654995.com:8989/message_zh_CN.js?v=1713951947790
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://bb654995.com:8989/
Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type

Size
33 kB (33266 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /message_zh_CN.js?v=1713951947790 HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bb654995.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: gzip
content-type: application/javascript;charset=UTF-8
date: Fri, 03 May 2024 23:35:35 GMT
expires: Sat, 04 May 2024 23:35:35 GMT
out-line: gb-cdn-167
uuid: 01359-01-00000000-1714779335c166
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

bb654995.com:8989/

20.239.17.84

200 OK

705 kB

URL User Request GET HTTP/2
bb654995.com:8989/
IP
20.239.17.84:8989
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectbb654995.com
Fingerprint64:1C:ED:11:AE:F5:E9:DA:7F:DE:B7:7D:F5:28:07:5A:DB:13:53:35
ValiditySun, 14 Apr 2024 17:03:00 GMT - Sat, 13 Jul 2024 17:02:59 GMT

File type

Size
705 kB (705321 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: bb654995.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 23:35:34 GMT
out-line: gb-cdn-167
uuid: -
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-html-cache: HIT-3600
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (42)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML