| |  20.239.193.208 | 301 Moved Permanently | 58 B |
URL User Request GET HTTP/1.1IP20.239.193.208:443 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeHTML document, ASCII text Hash5f66efaa301b21e4610f50abbe0cbe32 e80d6091549d76cb70cc438d301345ca5704d8b0 8c0c7d0d3b78a90fb41d228da35ffcf4f26ce903ef787e3475b192779a0af1f4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 64528.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://64528.com:8989/
Date: Thu, 25 Apr 2024 07:47:14 GMT
Content-Length: 58
|
|
| | 20.239.193.208 | 200 OK | 82 kB |
URL User Request GET HTTP/1.1IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeHTML document, Unicode text, UTF-8 text Hashb79d57f0e555ddaa4b95353f64f1759b 1c94cca734e445149ac204e9f5690da5356536af a202e15287ad39f2c6dd0e35c8d111ff2021564cc0bd7658d131d72c60bddcd9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:15 GMT
Out-Line: gb-cdn-129
Uuid: -
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Html-Cache: HIT-3600
Transfer-Encoding: chunked
|
|
| 64528.com:8989/ftl/commonPage/themes/gui-base.css | 20.239.57.18 | 200 OK | 17 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/gui-base.css IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeUnicode text, UTF-8 text, with very long lines (12023) Hashd01c79296c69daae2357744b28ad3a08 6979c86432a04a8cc22818055bd599e10d13892e 03bae6f265bda27347f4697d37ddb03335678cf0a76d5a246ee1b02463294599
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/css
Date: Thu, 25 Apr 2024 07:47:16 GMT
Etag: W/"661623eb-14596"
Expires: Fri, 26 Apr 2024 07:47:16 GMT
Last-Modified: Wed, 10 Apr 2024 05:30:19 GMT
Out-Line: gb-cdn-129
Uuid: -
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
|
|
| 64528.com:8989/commonPage/lan/i18n.js?t=1714031235.729 | 20.239.193.208 | 200 OK | 815 B |
URL GET HTTP/1.164528.com:8989/commonPage/lan/i18n.js?t=1714031235.729 IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeASCII text, with very long lines (1217) Hash696bf654af85253c08bb32959a28a580 c2e5d7b2c5a3bfec6abe83aea16f0e463d99f356 ab9078e23caa5c032dceca1fe7fb7485c5f6b29013dc0f2751af8897f65186c1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /commonPage/lan/i18n.js?t=1714031235.729 HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:16 GMT
Out-Line: gb-cdn-129
Uuid: 01733-01-00000000-1714031236c5a5
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 815
|
|
| 64528.com:8989/message_zh_CN.js?v=1713347147191 | 20.239.57.18 | 200 OK | 9.9 kB |
URL GET HTTP/1.164528.com:8989/message_zh_CN.js?v=1713347147191 IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeUnicode text, UTF-8 text, with very long lines (18069) Hash8e3a3463437bc8b56e112f0b87b6a0d0 dfaac70f23b58a771856460bb00aebc5fcadb2ce 0aa3002021c50dd94fcd0eb615a6735db1b54723503264f1c24985e0bcdd868b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /message_zh_CN.js?v=1713347147191 HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: application/javascript;charset=UTF-8
Date: Thu, 25 Apr 2024 07:47:16 GMT
Expires: Fri, 26 Apr 2024 07:47:16 GMT
Out-Line: gb-cdn-129
Uuid: 01733-01-00000000-171403123624a1
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
|
|
| 64528.com:8989/ftl/commonPage/themes/gui-skin-default.css | 20.239.57.18 | 200 OK | 6.3 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/gui-skin-default.css IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeUnicode text, UTF-8 (with BOM) text, with very long lines (7014) Hash4f6eba52b6bdba2bd8154d39c61fcaab 11a91e977ab64175dc2ec233d45c6cf9d34798b0 b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/css
Date: Thu, 25 Apr 2024 07:47:16 GMT
Etag: W/"64ad1569-7b6e"
Expires: Fri, 26 Apr 2024 07:47:16 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Out-Line: gb-cdn-129
Uuid: -
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
|
|
| 64528.com:8989/ftl/commonPage/themes/hongbao.css | 20.239.57.18 | 200 OK | 5.7 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/hongbao.css IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeUnicode text, UTF-8 text, with very long lines (336) Hash499a3a64bcf22609681f5337a6360c80 fc05a8a391c8375ea4e47183eca56a18bed8fca7 5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/css
Date: Thu, 25 Apr 2024 07:47:16 GMT
Etag: W/"64252e4f-d530"
Expires: Fri, 26 Apr 2024 07:47:16 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Out-Line: gb-cdn-129
Uuid: -
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
|
|
| 64528.com:8989/ftl/commonPage/themes/gui-layer.css | 20.239.193.208 | 200 OK | 6.9 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/gui-layer.css IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeUnicode text, UTF-8 text, with very long lines (489) Hash858eefc3fa70af7d0115c901908471f5 29c181bbbc09a424f7de7cb57629bd8a9e3c679a 9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/css
Date: Thu, 25 Apr 2024 07:47:17 GMT
Etag: W/"64ddd5e1-c760"
Expires: Fri, 26 Apr 2024 07:47:17 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Out-Line: gb-cdn-129
Uuid: -
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/style/common.css |  103.155.16.137 | 200 OK | 14 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/style/common.css IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeUnicode text, UTF-8 (with BOM) text, with very long lines (883) Hash086a4214c5e1c1e566877fc2cd26e75f 5fe6121f31ba5a7440cdbc340021d5cca0548b0f 0d9209ff9f459fddc33227046b5a9e9d4d2e6554d08442cd6ae29971542c64ff
GET /ftl/bet365-1733/themes/style/common.css HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 14352
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: W/"646ade39-ebf6"
Date: Tue, 16 Apr 2024 22:55:04 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:04 GMT
Age: 723133
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 6ea202ca465650d7f0eeaf1ac93df07b
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/float.js | 103.155.16.137 | 200 OK | 1.9 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/float.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text Hash829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: W/"612747ba-1b2f"
Date: Thu, 28 Mar 2024 06:35:51 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Sat, 27 Apr 2024 06:35:51 GMT
Age: 2423487
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: ed795e0b8ba2749d21ef64c28acdeb48
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/websocket/Comet.js | 103.155.16.137 | 200 OK | 4.0 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/websocket/Comet.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text Hash4de3e8bcf2f02d60519ca0d3584d3b8e 6323c2bf18b1bbf968e164bdf2e58d7677f67f8a 6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"60f60fb5-43bc"
Date: Tue, 16 Apr 2024 21:54:26 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Thu, 16 May 2024 21:54:26 GMT
Age: 726771
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-18
X-Cdn-Request-ID: 92a8fd903be1248d456ca1c8b7cf2933
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/style/bootstrap-dialog.min.css | 103.155.16.137 | 200 OK | 630 B |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/style/bootstrap-dialog.min.css IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash304eb84809c6637b7cdd0dc6225c5761 e724aff10b16dc82bf1086cd3b70d8396f630d64 cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"646ade39-adc"
Date: Tue, 16 Apr 2024 22:55:03 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:03 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: 2da1869d500d59a749d88489abbf51d4
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js | 103.155.16.137 | 200 OK | 12 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, ASCII text, with very long lines (32034) Hashf15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27
GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"64d5b951-b083"
Date: Tue, 16 Apr 2024 21:54:26 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Thu, 16 May 2024 21:54:26 GMT
Age: 726771
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-18
X-Cdn-Request-ID: 0a1919b06ea10f3278e1c808664ae2a9
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js | 103.155.16.137 | 200 OK | 3.3 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text Hash3b4680db1e065116488f065419ca9f58 6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"6260ddd4-2f13"
Date: Tue, 16 Apr 2024 21:54:27 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 21:54:27 GMT
Age: 726770
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: 71e87266816569e2bd85dbe720bc890f
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js | 103.155.16.137 | 200 OK | 797 B |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"6260ddd4-828"
Date: Tue, 16 Apr 2024 21:55:35 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 21:55:35 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-05
X-Cdn-Request-ID: 4792c06d826d07344574577da4591d88
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js | 103.155.16.137 | 200 OK | 34 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, ASCII text, with very long lines (32038) Hashb091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: W/"5d848f4f-176d4"
Date: Tue, 16 Apr 2024 21:55:34 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:55:34 GMT
Age: 726704
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 3cfb0f953e8c3206cd0e83548e5508be
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/lazyload.js | 103.155.16.137 | 200 OK | 2.7 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/lazyload.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text Hash58f1a7fa1a19b0e5ad0a5bad974b98cf 6963ce7378e6c992de06e7e77d79432a0d38f54d fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4
GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"64d05f66-2f79"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 96986ca7ad6c8c2c05f114bde162e91e
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js | 103.155.16.137 | 200 OK | 5.0 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, ASCII text, with very long lines (20132), with no line terminators Hash5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"5d848f4f-4ea4"
Date: Tue, 16 Apr 2024 21:54:26 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:54:26 GMT
Age: 726772
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 0c0f4a470ae9357e8cadf2d29aec6510
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/gui-base.js | 103.155.16.137 | 200 OK | 16 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/gui-base.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (11056) Hash4007cfe0a95df1d6a9f4252e636f995f b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8 4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0
GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"64ddbaed-ee5c"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: c0e4cb7091bf24992e948d82196a3235
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/layer.js | 103.155.16.137 | 200 OK | 7.6 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/layer.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (21922) Hashc42797aecccd5494e2b747cedf1a890b b9e06a6d245b6a3c87f2753db0c9c9aa020640b2 56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: W/"5d848f4f-55f6"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 536682cb6b110744ee1e9086d0169c10
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js | 103.155.16.137 | 200 OK | 1.4 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, ASCII text, with very long lines (4433), with no line terminators Hashf77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"5d848f4f-1151"
Date: Tue, 16 Apr 2024 21:54:26 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:54:26 GMT
Age: 726772
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: e29577c5bbb232c2b52789a07c03e6be
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js | 103.155.16.137 | 200 OK | 17 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, ASCII text, with very long lines (64577) Hashb5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"5d848f4f-fc8b"
Date: Tue, 16 Apr 2024 21:54:26 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:54:26 GMT
Age: 726772
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: a314c87441a795bd53a541d90f188bf1
|
|
| 3rzeeh.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js | 103.155.16.137 | 200 OK | 7.7 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (27669) Hashf8c2b37c1dc626eede6a2e3e37aa4504 d4e8419497caa64c8a850ac4808dddb89b5eeb3f 728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: W/"655579ca-6caf"
Date: Sun, 14 Apr 2024 22:30:19 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Tue, 14 May 2024 22:30:19 GMT
Age: 897419
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 5043fff98e7798db1eedb236c78d893c
|
|
| 3rzeeh.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js | 103.155.16.137 | 200 OK | 4.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (14855), with no line terminators Hash4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: W/"655579ca-3a09"
Date: Fri, 05 Apr 2024 20:43:55 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Sun, 05 May 2024 20:43:55 GMT
Age: 1681403
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 86939eee4e6e975993b35cf2d0b1c757
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/moment.js | 103.155.16.137 | 200 OK | 27 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/moment.js IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text Hash36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33
GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"64b633ca-1cab9"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: 64a3b0d60ec3d49d8f6d4acbe1ef4441
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0 | 103.155.16.137 | 200 OK | 3.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash5cf9259b7dd27aacd46161ec23d261cf ba0c399616a5ae9cdd8aec5b76ba4aae4822367c 7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: W/"6131d862-48e4"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726703
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 148a0674a3cb3c70f90d9342841882cb
|
|
| 3rzeeh.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1713347147191 | 103.155.16.137 | 200 OK | 5.2 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1713347147191 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (801) Hash30be40425b37bee4158676082cef1f4d b41ed46721936872d5d7eadf303ce22938240d2a f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1713347147191 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"633d510e-7fd7"
Date: Sun, 14 Apr 2024 22:30:19 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Tue, 14 May 2024 22:30:19 GMT
Age: 897419
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 0f3efc8dc7f81613a88ed87e90fc0342
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/themes/hb/css/pc.css | 103.155.16.137 | 200 OK | 911 B |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/themes/hb/css/pc.css IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash1da71520b7a0a61526a8fa8d0feb40d1 ba1bf69dad8783563328054cae58ccabf1b00829 5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"5d848f4f-b5d"
Date: Tue, 16 Apr 2024 21:55:36 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:55:36 GMT
Age: 726702
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: 60d65e5a8e44f7bf4a4f16f6a5cc05f9
|
|
| 3rzeeh.lxhhf.com/061410/rcenter/common/static/css/gb.validation.min.css | 103.155.16.137 | 200 OK | 3.8 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/061410/rcenter/common/static/css/gb.validation.min.css IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeUnicode text, UTF-8 text, with very long lines (2295) Hashf00ce0554efc5adea6a8e02d5e501cad 388840e376568b37ac0103aa5c87a268778db67a 3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"633d510e-2d52"
Date: Fri, 05 Apr 2024 06:42:39 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sun, 05 May 2024 06:42:39 GMT
Age: 1731880
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 43ff7603f183a3aacd3fddaed46d8825
|
|
| 64528.com:8989/mobile-api/v5/origin/getFloat.html | 20.239.193.208 | 200 OK | 106 B |
URL POST HTTP/1.164528.com:8989/mobile-api/v5/origin/getFloat.html IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash18da76ef30828950957abc98b28e7327 dc5c652bbb18e3bf5d2f14776ce2e10710e0decb 45c7e7ed630f2a5c7a48a85a78bf558f3a831d66085669a7953dfb0ea646fa54
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: https://64528.com:8989
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 25 Apr 2024 07:47:19 GMT
Out-Line: gb-cdn-129
Set-Cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
Sub-Sys: mobile
Uuid: 01733-01-00000000-1714031239f80f
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 106
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg | 103.155.16.137 | 200 OK | 6.9 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3 Hash99be4bfe275809d4e436b77c991b1381 54eadee77394eb62ccf377ae68d9f49acb5b6785 4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "5d848f4f-1ad7"
Date: Tue, 16 Apr 2024 21:55:35 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 21:55:35 GMT
Age: 726703
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: 12085a3c47494a4ca8c2d3815624856f
|
|
| 64528.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= | 20.239.57.18 | 200 OK | 914 B |
URL GET HTTP/1.164528.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash60a3b0abec48766f35439f06e4318002 e13e89884d9d6deb91c84e76e96371b1dfeca92e 3634d2abc8f93ca266eef4e05ef3e8c2e1943955740144fc218bf70c49aa9d72
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:19 GMT
Out-Line: gb-cdn-129
Set-Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; Path=/
Sub-Sys: msite
Uuid: 01733-01-00000000-1714031239386a
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 914
|
|
| 64528.com:8989/index/getUserTimeZoneDate.html?t=lvexy13z | 20.239.193.208 | 200 OK | 97 B |
URL GET HTTP/1.164528.com:8989/index/getUserTimeZoneDate.html?t=lvexy13z IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash1e0eb43e6f472f91a8b00fe087a3d2b5 6d866d2e6c46ae672d30d5e2aa3fb3472a573562 3e9156e837b4ffde6f3e0f5004bcaa51920f9a4306b2063c6227a39955ab1544
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /index/getUserTimeZoneDate.html?t=lvexy13z HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cachettl: 3
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
Out-Line: gb-cdn-129
Sub-Sys: msite
Uuid: 01733-01-00000000-17140312409570
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 97
|
|
| 64528.com:8989/favicon.ico | 20.239.57.18 | 404 Not Found | 150 B |
URL GET HTTP/1.164528.com:8989/favicon.ico IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash597ba0d4396e9c906225140ce907092c 28ae2ba65ccdb583d79f85b8cc9509fae697493b ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 150
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
X-Frame-Options: SAMEORIGIN
|
|
| 64528.com:8989/headerInfo.html?t=lvexy1dn | 20.239.193.208 | 200 OK | 118 B |
URL GET HTTP/1.164528.com:8989/headerInfo.html?t=lvexy1dn IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash5ca9cb85ec4512004699cede64fe6275 e556e80b1a3cb52d6facdfba154d4d8f311eaf70 94063049f4e74985e86d1f469e9a1791fd3af522eeac8a9c2dec57c824fd6391
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /headerInfo.html?t=lvexy1dn HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
Out-Line: gb-cdn-129
Sub-Sys: msite
Uuid: 01733-01-00000000-17140312405490
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 118
|
|
| 64528.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign | 20.239.193.208 | 200 OK | 113 B |
URL GET HTTP/1.164528.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash381b7de0ec7283b89f95d816cdfffc33 c839889e199f44fdc2b2d04169768e322ceaee77 811dea6ceac68441b7e490a52c1ac0b873feb0c910175fa35c752dfc4126ecb8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
Out-Line: gb-cdn-129
Set-Cookie: route=66776b881a59021b52807ef9298664ac; Path=/
Sub-Sys: mobile
Uuid: 01733-01-00000000-17140312401549
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 113
|
|
| 64528.com:8989/mobile-api/v5/origin/loginSwitchCheck.html | 20.239.57.18 | 200 OK | 113 B |
URL GET HTTP/1.164528.com:8989/mobile-api/v5/origin/loginSwitchCheck.html IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash1452cebf3e2bb129b06762f43f09e5c8 0ec65f1e79233e8c59f76c55fb89ac8637cfb070 99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
Out-Line: gb-cdn-129
Set-Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; Path=/
Sub-Sys: mobile
Uuid: 01733-01-00000000-17140312400bf2
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 113
|
|
| 64528.com:8989/index/getUserTimeZoneDate.html?t=lvexy1ow | 20.239.57.18 | 200 OK | 97 B |
URL GET HTTP/1.164528.com:8989/index/getUserTimeZoneDate.html?t=lvexy1ow IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hashf1667109c2bb771aefe9f4a8d4d42001 5ec711c8f6427ae9a79bbdecec1ebc26f79f669a 8def98464b53c37416abfe5fc5917f8dfd612d436d63618dbb676a60115a6310
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /index/getUserTimeZoneDate.html?t=lvexy1ow HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cachettl: 3
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Apr 2024 07:47:20 GMT
Out-Line: gb-cdn-129
Sub-Sys: msite
Uuid: 01733-01-00000000-1714031240adeb
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 97
|
|
| 64528.com:8989/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf | 20.239.57.18 | 200 OK | 422 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typeTrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon Size422 kB (422364 bytes) Hashe107469ba07f37a8825e8bd660beade8 13eccefb6250f6e5bb149f835e88b55c44fa07f1 cad7e549ef2e5fda70e63870c4f0d9ca27fdbd2813e1229dd07bdbe271c615a1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/fonts/gui-fonts/gui.ttf HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/ftl/commonPage/themes/gui-base.css
Cookie: sticket=OMll0TkRBMFlpMDVO
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 422364
Content-Type: application/octet-stream
Date: Thu, 25 Apr 2024 07:47:19 GMT
Etag: "661623eb-671dc"
Expires: Fri, 26 Apr 2024 07:47:19 GMT
Last-Modified: Wed, 10 Apr 2024 05:30:19 GMT
Out-Line: gb-cdn-129
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
|
|
| 64528.com:8989/mobile-api/v5/origin/getThirdParam.html | 20.239.193.208 | 200 OK | 86 B |
URL GET HTTP/1.164528.com:8989/mobile-api/v5/origin/getThirdParam.html IP20.239.193.208:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
Hash9ac55fe189e4f53f37156e563e0f542e 18b13b1360ce9fbd973e046d2652be38d58a15e0 d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Cookie: sticket=OMll0TkRBMFlpMDVO; route=181dd5ae39c7acd81ad5ca039c14a954
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 25 Apr 2024 07:47:21 GMT
Out-Line: gb-cdn-129
Sub-Sys: mobile
Uuid: 01733-01-00000000-1714031241266d
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 86
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-zh_CN.png.base64 | 103.155.16.137 | 200 OK | 2.0 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-zh_CN.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashacb0023f8ae926ffbfce1ce7a486ada5 38957d4c98b63fb887eedadf574cf2a3865846b3 16a91990d7d8f863e9026abde2f29b64705da2e87a4a3ffc035b127e26caa586
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-zh_CN.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 2002
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: "646ade39-7d2"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723133
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: d32b039a1f7be4554f51c7e926294fe6
|
|
| 64528.com:8989/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png | 20.239.57.18 | 200 OK | 1.3 kB |
URL GET HTTP/1.164528.com:8989/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png IP20.239.57.18:8989 ASN#8075 MICROSOFT-CORP-MSN-AS-BLOCK
CertificateIssuerLet's Encrypt Subject64528.com Fingerprint87:D8:18:8F:D3:94:EF:E2:AB:16:29:47:F1:38:F8:03:72:0C:14:F0 ValiditySat, 20 Apr 2024 02:12:39 GMT - Fri, 19 Jul 2024 02:12:38 GMT
File typePNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced Hasha2e938202c0287b9c82461a6fd94dee9 b5e2adc7cb07c18a70a88af314e56b946ec1a1b6 df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 | | Quad9 DNS | malicious | Sinkholed |
GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 64528.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/ftl/commonPage/themes/gui-layer.css
Cookie: sticket=OMll0TkRBMFlpMDVO; route=181dd5ae39c7acd81ad5ca039c14a954
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 1321
Content-Type: image/png
Date: Thu, 25 Apr 2024 07:47:21 GMT
Etag: "5d848f4f-529"
Expires: Fri, 26 Apr 2024 07:47:21 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Out-Line: gb-cdn-129
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-vi_VN.png.base64 | 103.155.16.137 | 200 OK | 2.0 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-vi_VN.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash3d5eee7726266b36e35da0cd9816ccc8 e1a24829929dba71a23b55170eaa180e94747263 0f5c6e47bf158fd5177856fd3542a45705c1caea18a96042913718d0f07a419a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-vi_VN.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 2023
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "646ade39-7e7"
Date: Tue, 16 Apr 2024 22:55:07 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:07 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 675ed2b5df475679a24b3885eb672d51
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/images/index-ban-04.jpg.base64 | 103.155.16.137 | 200 OK | 40 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/images/index-ban-04.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash72c65f87289282628ce7e4b917668d8a 3f94a9d261df74ce15adf215d4fe70457bc072e2 16b4ff259955417ed8780f28251ae9f6f7e32b7702fbd49c9191d09a5eaf8932
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/images/index-ban-04.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 40494
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "646ade39-9e2e"
Date: Tue, 16 Apr 2024 22:55:07 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:07 GMT
Age: 723133
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 982ab4e948af72b5ac9d8457e823cd6d
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-zh_TW.png.base64 | 103.155.16.137 | 200 OK | 2.2 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-zh_TW.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash0bc3faf9dc56b9c615978bbbff022943 156e43b744cef1306c454506e61452f4ef7314f3 e29763707ae9170bbd9f278651689771fd39cdd073662eb4a2371bc8184a36ce
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-zh_TW.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 2165
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "646ade39-875"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723133
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: e3b1524d59d62180ea51de7d62b34e43
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-en_US.png.base64 | 103.155.16.137 | 200 OK | 2.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-en_US.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hasha44e99626d1ffdebc9145d5eeb7a515a 6d31235bdcbe6772c40af2ead4f4a07f0f1701fe a0f96f7f43630d5c12ff62c0124384305898121b9f57a29bcaf9024bd72e80f0
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-en_US.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 2136
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "646ade39-858"
Date: Tue, 16 Apr 2024 22:55:07 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:07 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: f2baa0c579cfb5ff5c1fc14db18328c6
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-ja_JP.png.base64 | 103.155.16.137 | 200 OK | 1.6 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-ja_JP.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashebfafa7812ff5a166c3a5651264fac64 e3ba15c69c4b52125aa6c24fadced84ea20f9266 e59169dff05de423209ce0204c75ef5670b8c5234bf7e60bcf607e83872e7cfc
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-ja_JP.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 1630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "646ade39-65e"
Date: Tue, 16 Apr 2024 22:55:06 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:06 GMT
Age: 723135
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: a2b4517305f5910844edc9595766891f
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-th_TH.png.base64 | 103.155.16.137 | 200 OK | 1.8 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-th_TH.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash7f73aaf76bcd269061c3063976330794 1f85fc29389cd16d931aab2a3dfda16a8d78662c 91cbc274b6516bed37e7e00ed4e3ca8728d8df824e55bc0d2fd191329cea39cf
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-th_TH.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 1788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "646ade39-6fc"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 607618b5ea5a0bdc4ec118493da7ed30
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-in_ID.png.base64 | 103.155.16.137 | 200 OK | 1.5 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-in_ID.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashf290bf969c50387c3e1f05a5e9ecfa71 497beb2c1f6f1851785070b95d86b54a17a20df9 cff07b4f6c975d981e02a521d63d31f3cd99a2d8bae77b8d471d12faa034f916
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-in_ID.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 1520
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "646ade39-5f0"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 677c2826be91c14defd8bbfeea4ff4a2
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/icon-menu-api-bc.png.base64 | 103.155.16.137 | 200 OK | 4.6 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/icon-menu-api-bc.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash92db7902397b3c16e02080dd226298c2 94f5fba323b1a59cb025ccfbba95cd2b778f1368 1b5c1e8d4c08ffc1c47f6980dba82a757f6a547d5bdc659462158338a3e5a66c
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/icon-menu-api-bc.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 4596
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "646ade39-11f4"
Date: Tue, 16 Apr 2024 22:55:09 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:09 GMT
Age: 723132
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-05
X-Cdn-Request-ID: 092cdc9e55ae257774b12d52835b2411
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-ko_KR.png.base64 | 103.155.16.137 | 200 OK | 2.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/language-ko_KR.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash619c9fe5c99c3393465ce822532a4952 cd28e39bcec6782ef8491cd92cb042795e034fc7 8eaeb1934910c8b46646455ca7fc7a59fcb9490481a13c4238b33e6b21ab6987
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/language-ko_KR.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 2124
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "646ade39-84c"
Date: Tue, 16 Apr 2024 22:55:09 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:09 GMT
Age: 723133
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 02d2913379d4788fcf029e0b7ff64ec2
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/1733/Logo/1/1684727663866.png.base64 | 103.155.16.137 | 200 OK | 14 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/1733/Logo/1/1684727663866.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (14169), with no line terminators Hashe39b13609cd87b89bfff18eb8b5078ce 29090be84f725f931bc237d0f61a74714067f273 16d4a1783755a9beb7ee5dcc45e9c347fcdc9a9d24a1a90f283e6e28305bd3c8
GET /fserver/files/gb/1733/Logo/1/1684727663866.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 14169
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "646ae76f-3759"
Date: Sat, 06 Apr 2024 09:24:26 GMT
Last-Modified: Mon, 22 May 2023 03:54:23 GMT
Expires: Mon, 06 May 2024 09:24:26 GMT
Age: 1635775
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: b5c55f75a1b7c0b21b095f49b7c07aa4
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 | 103.155.16.137 | 200 OK | 15 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (15141) Hashef9e4c606483d95e60e7700e16ac8abe 17d3b0c6945f4b6c145b19e3cd238d1fa3d14526 3b4e5d821a905c1263ca2ba9b9ff5b1c772fa9929af84d7bed8e82fc1dc8ab4d
GET /fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 15142
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "6376f9e3-3b26"
Date: Tue, 23 Apr 2024 03:04:37 GMT
Last-Modified: Fri, 18 Nov 2022 03:20:03 GMT
Expires: Thu, 23 May 2024 03:04:37 GMT
Age: 189765
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 479fa83cbef1a83425b12532ec438ae9
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 | 103.155.16.137 | 200 OK | 14 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (14197) Hash9a4b47239a59ac6ffb4cce84f7753458 0bbbdb9a3915580e66196d5fa3a222205e233a85 2390bb305358e03bb504c744f7e72e398279a154bef23557e8526e2cfd86afeb
GET /fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 14198
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "6376f9e3-3776"
Date: Sat, 06 Apr 2024 08:48:15 GMT
Last-Modified: Fri, 18 Nov 2022 03:20:03 GMT
Expires: Mon, 06 May 2024 08:48:15 GMT
Age: 1637947
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 9e56086b666c1f2ea7dce5e5db1d933f
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/380373/1602564230140.png.base64 | 103.155.16.137 | 200 OK | 57 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/380373/1602564230140.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (57215) Hash253b6b4ba261b47e9b25211684bbdbff 0a9f73d2e91a1673a21c3fda4158f1ef21d5915c 855083b3b3feb1066a1cd13b5780b9e07302f72436d59da836ff7badb2749558
GET /fserver/files/gb/0/game/380373/1602564230140.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 57216
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "637701ec-df80"
Date: Sat, 13 Apr 2024 02:34:57 GMT
Last-Modified: Fri, 18 Nov 2022 03:54:20 GMT
Expires: Mon, 13 May 2024 02:34:57 GMT
Age: 1055545
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: f28153c315ef223cc4e0b21318b5f647
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/380370/1601963988556.png.base64 | 103.155.16.137 | 200 OK | 59 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/380370/1601963988556.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (58824) Hashc7b18c74ae60599491c89f239ce1ea78 b855610f6fad6c330f64419a8e4dbf09ffe9efea 39d08f0cff34d147d34a41911d3ce9893eb495fd84f13a09fca63de4488e6009
GET /fserver/files/gb/0/game/380370/1601963988556.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 58825
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "637701d3-e5c9"
Date: Sat, 06 Apr 2024 09:24:26 GMT
Last-Modified: Fri, 18 Nov 2022 03:53:55 GMT
Expires: Mon, 06 May 2024 09:24:26 GMT
Age: 1635775
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: 8e46ab0db96c843032a51af234ee9061
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 | 103.155.16.137 | 200 OK | 16 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (16110) Hash1e813453541a10ff45f1a49c0957b94b 759729098acaaa69fb2bec21721db0d9b24057ef 1bbf3c2358d98614c74e800f3451c0563b546d1488f27cd20779ccfaccbb0271
GET /fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 16111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "6377001c-3eef"
Date: Fri, 12 Apr 2024 23:56:16 GMT
Last-Modified: Fri, 18 Nov 2022 03:46:36 GMT
Expires: Sun, 12 May 2024 23:56:16 GMT
Age: 1065066
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: d48c0b497ed7b579ab0d1c20692fb194
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/90616/1614828901159.png.base64 | 103.155.16.137 | 200 OK | 55 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/90616/1614828901159.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (54865) Hashde0c82580d4906109d6150af11fdfed8 3d0a4822452fc05b7c668637cb5146f9cd0d5c2c b55a16ca353dbc8c020cfbfbbefb328ed46c988f76a76d5c8eb7d9c184801218
GET /fserver/files/gb/0/game/90616/1614828901159.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 54866
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "637700dd-d652"
Date: Tue, 23 Apr 2024 03:04:37 GMT
Last-Modified: Fri, 18 Nov 2022 03:49:49 GMT
Expires: Thu, 23 May 2024 03:04:37 GMT
Age: 189765
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: 13f957b7edf73992343673da15cce69a
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 | 103.155.16.137 | 200 OK | 6.4 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash82d083a46150283e02ccc2dae1864ed7 71f55f5af7c83b92cf00e1994b218e526a0a79c8 dce4485ca07fa0bf611b19cd5fca14a70d0afd7f85d6e6528e121e34e1371a76
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/favicon/favicon_1733.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6359
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "646b3bfc-18d7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 09:55:08 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 307ed2fb18e8596856e49cea9656832c
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 | 103.155.16.137 | 200 OK | 14 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (14197) Hash9a4b47239a59ac6ffb4cce84f7753458 0bbbdb9a3915580e66196d5fa3a222205e233a85 2390bb305358e03bb504c744f7e72e398279a154bef23557e8526e2cfd86afeb
GET /fserver/files/game/BBIN/MOBILE/bbegame113.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 14198
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "6376f9e3-3776"
Date: Sat, 06 Apr 2024 08:48:15 GMT
Last-Modified: Fri, 18 Nov 2022 03:20:03 GMT
Expires: Mon, 06 May 2024 08:48:15 GMT
Age: 1637947
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 70ac814d4afb192467eed98a681c3b5b
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 | 103.155.16.137 | 200 OK | 56 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (56036) Hash3ee3acc59e14490c7162ebe323e18d69 f74120cf3a1111d98db1ea8207179781d2670bc4 c88b92faf092259ee802837848666792a24e1a898f30c79225b1208ccab560c0
GET /fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 56037
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "6376fa33-dae5"
Date: Sat, 13 Apr 2024 02:34:57 GMT
Last-Modified: Fri, 18 Nov 2022 03:21:23 GMT
Expires: Mon, 13 May 2024 02:34:57 GMT
Age: 1055545
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: e73ee03de18d3ff1331b582fbdc10476
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 | 103.155.16.137 | 200 OK | 6.4 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash82d083a46150283e02ccc2dae1864ed7 71f55f5af7c83b92cf00e1994b218e526a0a79c8 dce4485ca07fa0bf611b19cd5fca14a70d0afd7f85d6e6528e121e34e1371a76
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/favicon/favicon_1733.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6359
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "646b3bfc-18d7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 09:55:08 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 6695b49e843aa55e1a08f9e23588c163
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 | 103.155.16.137 | 200 OK | 15 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (15141) Hashef9e4c606483d95e60e7700e16ac8abe 17d3b0c6945f4b6c145b19e3cd238d1fa3d14526 3b4e5d821a905c1263ca2ba9b9ff5b1c772fa9929af84d7bed8e82fc1dc8ab4d
GET /fserver/files/game/BBIN/MOBILE/bbegame114.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 15142
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "6376f9e3-3b26"
Date: Tue, 23 Apr 2024 03:04:37 GMT
Last-Modified: Fri, 18 Nov 2022 03:20:03 GMT
Expires: Thu, 23 May 2024 03:04:37 GMT
Age: 189765
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 15b41672f4f7ad1a61145927d3e39dc9
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/380373/1602564230140.png.base64 | 103.155.16.137 | 200 OK | 57 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/380373/1602564230140.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (57215) Hash253b6b4ba261b47e9b25211684bbdbff 0a9f73d2e91a1673a21c3fda4158f1ef21d5915c 855083b3b3feb1066a1cd13b5780b9e07302f72436d59da836ff7badb2749558
GET /fserver/files/gb/0/game/380373/1602564230140.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 57216
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "637701ec-df80"
Date: Sat, 13 Apr 2024 02:34:57 GMT
Last-Modified: Fri, 18 Nov 2022 03:54:20 GMT
Expires: Mon, 13 May 2024 02:34:57 GMT
Age: 1055546
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: a61556768837737b378960e7b925313e
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/380370/1601963988556.png.base64 | 103.155.16.137 | 200 OK | 59 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/380370/1601963988556.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (58824) Hashc7b18c74ae60599491c89f239ce1ea78 b855610f6fad6c330f64419a8e4dbf09ffe9efea 39d08f0cff34d147d34a41911d3ce9893eb495fd84f13a09fca63de4488e6009
GET /fserver/files/gb/0/game/380370/1601963988556.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 58825
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "637701d3-e5c9"
Date: Sat, 06 Apr 2024 09:24:26 GMT
Last-Modified: Fri, 18 Nov 2022 03:53:55 GMT
Expires: Mon, 06 May 2024 09:24:26 GMT
Age: 1635776
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: be97278c4e90fb343c13f19f911eb111
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 | 103.155.16.137 | 200 OK | 16 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (16110) Hash1e813453541a10ff45f1a49c0957b94b 759729098acaaa69fb2bec21721db0d9b24057ef 1bbf3c2358d98614c74e800f3451c0563b546d1488f27cd20779ccfaccbb0271
GET /fserver/files/gb/0/game/AG/2/SC03_zh_CN.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 16111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "6377001c-3eef"
Date: Fri, 12 Apr 2024 23:56:16 GMT
Last-Modified: Fri, 18 Nov 2022 03:46:36 GMT
Expires: Sun, 12 May 2024 23:56:16 GMT
Age: 1065067
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: 082d6c6008fb01aaab4824e4ae951b8c
|
|
| 3rzeeh.lxhhf.com/fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 | 103.155.16.137 | 200 OK | 56 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (56036) Hash3ee3acc59e14490c7162ebe323e18d69 f74120cf3a1111d98db1ea8207179781d2670bc4 c88b92faf092259ee802837848666792a24e1a898f30c79225b1208ccab560c0
GET /fserver/files/game/SPADE/MOBILE/Goldenlotu_se.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 56037
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "6376fa33-dae5"
Date: Sat, 13 Apr 2024 02:34:57 GMT
Last-Modified: Fri, 18 Nov 2022 03:21:23 GMT
Expires: Mon, 13 May 2024 02:34:57 GMT
Age: 1055545
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: ba49755632cc2730de86a1d285b1c051
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/default-banner.jpg.base64 | 103.155.16.137 | 200 OK | 401 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/default-banner.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Size401 kB (400631 bytes) Hash26f2cd63dd3cd28ca9b06f61bf1d5643 efb76af90edee56834d8fbc22be222bda2d07e86 b4fd4f8f07f5891cc7862c20832409ada2dd69702cac014f851d8a28270b7010
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/default-banner.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 400631
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "64ad1569-61cf7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: cb5266785aba4dbcf8fd31ed50ae4df4
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 | 103.155.16.137 | 200 OK | 6.4 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash82d083a46150283e02ccc2dae1864ed7 71f55f5af7c83b92cf00e1994b218e526a0a79c8 dce4485ca07fa0bf611b19cd5fca14a70d0afd7f85d6e6528e121e34e1371a76
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/favicon/favicon_1733.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6359
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "646b3bfc-18d7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 09:55:08 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723135
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 0b08a60512e9309638d116aa0fceccef
|
|
| 3rzeeh.lxhhf.com/fserver/files/gb/0/game/90616/1614828901159.png.base64 | 103.155.16.137 | 200 OK | 55 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/fserver/files/gb/0/game/90616/1614828901159.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
File typeASCII text, with very long lines (54865) Hashde0c82580d4906109d6150af11fdfed8 3d0a4822452fc05b7c668637cb5146f9cd0d5c2c b55a16ca353dbc8c020cfbfbbefb328ed46c988f76a76d5c8eb7d9c184801218
GET /fserver/files/gb/0/game/90616/1614828901159.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 54866
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "637700dd-d652"
Date: Tue, 23 Apr 2024 03:04:37 GMT
Last-Modified: Fri, 18 Nov 2022 03:49:49 GMT
Expires: Thu, 23 May 2024 03:04:37 GMT
Age: 189765
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: 0bc1232eeee0451ebb013f539738ef4b
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 | 103.155.16.137 | 200 OK | 6.4 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/favicon/favicon_1733.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash82d083a46150283e02ccc2dae1864ed7 71f55f5af7c83b92cf00e1994b218e526a0a79c8 dce4485ca07fa0bf611b19cd5fca14a70d0afd7f85d6e6528e121e34e1371a76
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/favicon/favicon_1733.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6359
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "646b3bfc-18d7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Mon, 22 May 2023 09:55:08 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723135
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: fb0242ce0d129434e74510e82c3624be
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/bg-products.gif.base64 | 103.155.16.137 | 200 OK | 28 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/bg-products.gif.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashd892e587b7a49e504868bfd2a0a21f20 960e3851883dbda8687f203e48aa6378ef84e397 94e021b79a655d45519d465610b1cfdfdd2f1908890e433c3b7d867dfaffe819
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/bg-products.gif.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 28413
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: "646ade39-6efd"
Date: Tue, 16 Apr 2024 22:55:09 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 16 May 2024 22:55:09 GMT
Age: 723134
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 7fb730e2194fa61aab956337558a6874
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/body-bg.gif.base64 | 103.155.16.137 | 200 OK | 1.0 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/body-bg.gif.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashe96e9f2e747e299fbea0229324083fdd dfe89fa5739efbf9de5296d5d8d83d74730293ca 9baada4f54cb7180f4d241952f4636cca32fa8e35e90fb8c23204dd51d8b19dc
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/body-bg.gif.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 1030
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "646ade39-406"
Date: Tue, 23 Apr 2024 03:56:25 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 03:56:25 GMT
Age: 186659
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 970ddecb75be89e8371572a160beafae
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/sec-nav-bg-grad.gif.base64 | 103.155.16.137 | 200 OK | 515 B |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/sec-nav-bg-grad.gif.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashb1734cb77ae0e91b4116a8a06a7fc5b3 146195cdb93b3194f586acabd2712c7efb1c02da d89f82c6664674129fe2a5da52c794ad91b6b8e8840119139180574d278ca20f
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/sec-nav-bg-grad.gif.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 515
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "646ade39-203"
Date: Tue, 23 Apr 2024 05:05:49 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:49 GMT
Age: 182495
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 8542c9cd43e5e972820e43d4b77f4b27
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/sports-infos-bg.png.base64 | 103.155.16.137 | 200 OK | 5.8 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/sports-infos-bg.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash79c9b3586dba9b3c483f0b77075f62f2 2fb032981889b677e8024a90150b7caf527f87e6 28dae31296a9cb48ab278440246605b535b848a248cc93e22779300a1eac5e28
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/sports-infos-bg.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 5828
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "646ade39-16c4"
Date: Tue, 23 Apr 2024 05:05:49 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:49 GMT
Age: 182494
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: 8353d3c87e09660d36da0a36eefc7eec
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/images/index-lottery.jpg.base64 | 103.155.16.137 | 200 OK | 11 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/images/index-lottery.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashd57b39c2255266d9e870de7d13e5f6c8 4d83e0307af584cf96e43cc06b95634036882225 17191dc447471f9fcf2115b420c3e34abb3c2bc8fdbfd8e401acd9edca74e783
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/images/index-lottery.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 10712
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "646ade39-29d8"
Date: Tue, 23 Apr 2024 05:05:48 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:48 GMT
Age: 182496
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-206
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 19ea53f1620561bd147880e73024d386
|
|
| 3rzeeh.lxhhf.com/ftl/commonPage/images/default-banner.jpg.base64 | 103.155.16.137 | 200 OK | 401 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/commonPage/images/default-banner.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Size401 kB (400631 bytes) Hash26f2cd63dd3cd28ca9b06f61bf1d5643 efb76af90edee56834d8fbc22be222bda2d07e86 b4fd4f8f07f5891cc7862c20832409ada2dd69702cac014f851d8a28270b7010
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/default-banner.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 400631
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "64ad1569-61cf7"
Date: Tue, 16 Apr 2024 22:55:08 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 16 May 2024 22:55:08 GMT
Age: 723135
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 17cb68cdb5a2b781c51fd6037904dc91
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/images/index-casino.jpg.base64 | 103.155.16.137 | 200 OK | 16 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/images/index-casino.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashfcfa84f35c9906dbf32eefe49146b994 8e8e227c23837370f3b4ab0a5488c989e580f3cd 59f6a7a46e102246786efbc12dba1d25c29576246882a817ffdceaf8874754fa
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/images/index-casino.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 15757
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "646ade39-3d8d"
Date: Tue, 23 Apr 2024 05:05:49 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:49 GMT
Age: 182494
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: 49e40967d13249a9e2f0a83a6740eb0a
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/images/index-game.jpg.base64 | 103.155.16.137 | 200 OK | 16 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/images/index-game.jpg.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashf952beea0ea4245c919822cc678b47c6 183dea21737684ff91760fff6c50a7de52f44058 3cb7fb166036f2a11c8526d3275994ccf2cf2a870684bfe5b8f7de981b07399a
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/images/index-game.jpg.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 15510
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: "646ade39-3c96"
Date: Tue, 23 Apr 2024 05:05:50 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:50 GMT
Age: 182494
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 7e63270f45ae164a661653d8accb0aae
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdao-l-title.png.base64 | 103.155.16.137 | 200 OK | 7.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdao-l-title.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash2568bab36c739f83a57fc33f74f2f8d7 c0e2b336522c1be3894a591f924b581fbbe2cf05 592a7d4b2b831aae8e570cf2df25bdb4cb8b9de1dd3bc2c9e934452127871478
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/float/rdao-l-title.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 7088
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "646ade39-1bb0"
Date: Tue, 23 Apr 2024 05:05:49 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:49 GMT
Age: 182495
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: b6cb5d5f50db3293c133aef4df0bc305
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdao-r-title.png.base64 | 103.155.16.137 | 200 OK | 6.3 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdao-r-title.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash0fcf27d9f61b2a11af16569007a768b5 a4741fd6ee92b67f4f93694849c05da8ac521d33 f15651d1fcd001e1995025f55d5cdfaa914f74f94704e7c3343585f5bdedd60c
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/float/rdao-r-title.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6310
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "646ade39-18a6"
Date: Tue, 23 Apr 2024 05:05:48 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:48 GMT
Age: 182496
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 4438cf4b1fba704d566bcef21e15b418
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdaobgR.png.base64 | 103.155.16.137 | 200 OK | 6.3 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdaobgR.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hash3dcdb8298622ba7b9de589d576682bf5 ca3fe961676f10d8e4ede4a88f6dabfaddb41a47 1aa83c8ffc1e3055d702f547c32673db0427a36598b6ed66ea6e790aae84e9ce
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/float/rdaobgR.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6327
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "646ade39-18b7"
Date: Tue, 23 Apr 2024 05:05:48 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:48 GMT
Age: 182496
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 57ed086fe567f5b84851e07ad8a76e7c
|
|
| 3rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdaobgL.png.base64 | 103.155.16.137 | 200 OK | 6.1 kB |
URL GET HTTP/1.13rzeeh.lxhhf.com/ftl/bet365-1733/themes/images/float/rdaobgL.png.base64 IP103.155.16.137:443 ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerUnizeto Technologies S.A. Subject*.lxhhf.com Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38 ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT
Hashc3095a883458ec010d113137082a50ef 7aad38af4578a16e70fcddd484ae96638a176e3a 1641f12ea9319e6f8059f5fd8faa85f0d8bc70f7e0a3eddffed28837b4a02986
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1733/themes/images/float/rdaobgL.png.base64 HTTP/1.1
Host: 3rzeeh.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://64528.com:8989
DNT: 1
Connection: keep-alive
Referer: https://64528.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6079
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: "646ade39-17bf"
Date: Tue, 23 Apr 2024 05:05:49 GMT
Last-Modified: Mon, 22 May 2023 03:15:05 GMT
Expires: Thu, 23 May 2024 05:05:49 GMT
Age: 182495
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: cccba54f734a944e77a29b6edc58d86c
|
|