| etmqz9.rbjgb.com/ftl/commonPage/themes/gui-skin-default.css | 104.250.33.35 | 200 OK | 6.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/gui-skin-default.css | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (7014) | Hash: 4f6eba52b6bdba2bd8154d39c61fcaab 11a91e977ab64175dc2ec233d45c6cf9d34798b0 b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64ad1569-7b6e"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 8b13d7cbb4acae6007fc009b54afd1c7
|
|
| etmqz9.rbjgb.com/ftl/commonPage/themes/gui-base.css | 104.250.33.35 | 200 OK | 17 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/gui-base.css | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (12023) | Hash: 127bc5e19c08901aeedbdee1cb860a7d b479eebde953d307ad4e0363d41520433e09d58d 2f6fa5669c0d38a7652ec88e57d2382ab4d39974181dcf2bc2d4648e449f7db6
GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17085
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"654df4a7-144ec"
Date: Tue, 14 Nov 2023 05:17:22 GMT
Last-Modified: Fri, 10 Nov 2023 09:15:19 GMT
Expires: Thu, 14 Dec 2023 05:17:22 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: a0578c26ba7557f42ba9a241d1f1ecb6
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/style/common.css | 104.250.33.35 | 200 OK | 6.0 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/style/common.css | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 3ee32cc28bee77ec29467a03b69b0574 36f7c705f1419e6c6840b85f8dd12e379b16c066 4c479d007576da5d4a485513250d8c69d280b5392d54e3516f53140234a532db
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/style/common.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5961
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"631d86f0-7005"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Sun, 11 Sep 2022 06:57:52 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: c345755e5bd68b24c7f49cc6faddbd7e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/themes/hongbao.css | 103.198.200.1 | 200 OK | 5.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/hongbao.css | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (336) | Hash: 499a3a64bcf22609681f5337a6360c80 fc05a8a391c8375ea4e47183eca56a18bed8fca7 5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etmqz9.rbjgb.com/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64252e4f-d530"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: f2a1b84a1c06b07d300abf0521d7876e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/themes/gui-layer.css | 103.198.200.1 | 200 OK | 6.9 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/gui-layer.css | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (489) | Hash: 858eefc3fa70af7d0115c901908471f5 29c181bbbc09a424f7de7cb57629bd8a9e3c679a 9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etmqz9.rbjgb.com/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64ddd5e1-c760"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 3dc0ba41efa5c61d4a57f965c48eaa91
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js | 104.250.33.35 | 200 OK | 34 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (32038) | Hash: b091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"5d848f4f-176d4"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: c11f853140e48d075a0d7c5a2514238d
|
|
| 8883655.vip/ftl/bet365-1513/themes/images/license.png | 188.114.96.1 | 200 OK | 21 kB |
URL: GET HTTP/3 8883655.vip/ftl/bet365-1513/themes/images/license.png | IP: 188.114.96.1:443
Certificate: Issuer: Let's Encrypt | Subject: 8883655.vip | Fingerprint: AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 | Validity: Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type: PNG image data, 198 x 249, 8-bit/color RGBA, non-interlaced\012- data | Hash: 6b050a88569349c273caa04328ad5219 b8d7f0fed474522391c84e424585f045563c60cd 3740a6aa129a59a5382f6cd772dcdb598a034229d79c2d40f21210b1625a8895
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
Analyzer: OpenPhish | Verdict: phishing | Alert: Bet365
GET /ftl/bet365-1513/themes/images/license.png HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=ed8de952ed57247bb4b5c65efa859ad5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:35 GMT
content-type: image/png
content-length: 20854
last-modified: Sat, 11 Sep 2021 09:11:05 GMT
etag: "613c72a9-5176"
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
expires: Fri, 08 Dec 2023 19:55:57 GMT
cache-control: max-age=86400
x-cache: HIT
uuid: -
out-line: gb-source-106
cf-cache-status: HIT
age: 69398
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5cKtzQ7CEgklCV4%2FFVxq2YKM%2FLIewEWvTB5l9zl3SxaSm5mqo9cFqkBmBsegZ8Wf%2FGEE77edyHBMnnXprrTzvcM2SrT3FrPdNM5SINoreOw2EPBx3XnuL8UG%2BZXaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f28e7d3156c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/ftl/bet365-1513/themes/images/index_left_title.png | 188.114.96.1 | 200 OK | 2.5 kB |
URL: GET HTTP/3 8883655.vip/ftl/bet365-1513/themes/images/index_left_title.png | IP: 188.114.96.1:443
Certificate: Issuer: Let's Encrypt | Subject: 8883655.vip | Fingerprint: AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 | Validity: Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type: PNG image data, 94 x 25, 8-bit/color RGBA, non-interlaced\012- data | Hash: 243751ae9e30b49a76dc9877ad060823 45ced5a86e90e3c2bfdda3598e82fc58d47ea292 5b1fcb53e807ca61edb055b9da1244012dcbe7158ebe7cc98105823f5983c40e
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
Analyzer: OpenPhish | Verdict: phishing | Alert: Bet365
GET /ftl/bet365-1513/themes/images/index_left_title.png HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=ed8de952ed57247bb4b5c65efa859ad5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:35 GMT
content-type: image/png
content-length: 2480
last-modified: Sat, 11 Sep 2021 09:11:05 GMT
etag: "613c72a9-9b0"
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
expires: Fri, 08 Dec 2023 19:55:57 GMT
cache-control: max-age=86400
x-cache: HIT
uuid: -
out-line: gb-source-106
cf-cache-status: HIT
age: 69397
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0WZnJkNdn669y03BDdAIAvxX1xWue7Q7MySZyhKuSCIKGXe5OaiHuPqCxV3QybbkONmPHJGW5yruoy89tz4HaR8OTuDYP5gbkAI%2ByUn5pIl5smnNbilC%2Bf5zHcLNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f28e8d3456c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/float.js | 103.198.200.1 | 200 OK | 1.9 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/float.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/float.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"612747ba-1b2f"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: d2ec384b1b3d63495512e9a313882cb0
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/idangerous.swiper.min.js | 104.250.33.35 | 200 OK | 12 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/idangerous.swiper.min.js | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (32034) | Hash: f15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27
GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64d5b951-b083"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109313
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 48fd5af88c79d2ac61401bec97946e8e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/websocket/Comet.js | 103.198.200.1 | 200 OK | 4.0 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/websocket/Comet.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 4de3e8bcf2f02d60519ca0d3584d3b8e 6323c2bf18b1bbf968e164bdf2e58d7677f67f8a 6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"60f60fb5-43bc"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: e812bb71524fb4f2f373afcebc0ba4c8
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/websocket/CometMarathon.js | 103.198.200.1 | 200 OK | 3.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/websocket/CometMarathon.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 3b4680db1e065116488f065419ca9f58 6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"6260ddd4-2f13"
Date: Tue, 14 Nov 2023 05:17:21 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 14 Dec 2023 05:17:21 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 3caf404ff111b74881d07aadf1c38eb4
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/websocket/PopUp.js | 104.250.33.35 | 200 OK | 797 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/websocket/PopUp.js | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"6260ddd4-828"
Date: Tue, 14 Nov 2023 05:17:20 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 14 Dec 2023 05:17:20 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 47496bc97bcc7a40ac3ffdb2c3d9a8a1
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/lazyload.js | 103.198.200.1 | 200 OK | 2.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/lazyload.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 58f1a7fa1a19b0e5ad0a5bad974b98cf 6963ce7378e6c992de06e7e77d79432a0d38f54d fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4
GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64d05f66-2f79"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109310
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 41c2c2729b700ce22f067917d81db59d
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/bootstrap-dialog.min.js | 104.250.33.35 | 200 OK | 5.0 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/bootstrap-dialog.min.js | IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (20132), with no line terminators | Hash: 5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"5d848f4f-4ea4"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 14a8da339c7752cd303ce4b4bbbb2f6e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/gui-base.js | 103.198.200.1 | 200 OK | 16 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/gui-base.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (11056) | Hash: 4007cfe0a95df1d6a9f4252e636f995f b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8 4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0
GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64ddbaed-ee5c"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: a10d321b4bdeddbc340be3189b72870a
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/layer.js | 103.198.200.1 | 200 OK | 7.6 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/layer.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (21922) | Hash: c42797aecccd5494e2b747cedf1a890b b9e06a6d245b6a3c87f2753db0c9c9aa020640b2 56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"5d848f4f-55f6"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 4834d6147295f521d60129b7d0dc8666
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery.super-marquee.js | 103.198.200.1 | 200 OK | 1.4 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery.super-marquee.js | IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer: Sectigo Limited | Subject: *.rbjgb.com | Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 | Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4433), with no line terminators | Hash: f77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-1151"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 32104c85bb92f04f1df65b0fa49d4a9e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js | 104.250.33.35 | 200 OK | 17 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (64577); Hash: b5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"5d848f4f-fc8b"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 4e0b0ef97b56c088834e2e964b1c1be7
|
|
| etmqz9.rbjgb.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js | 103.198.200.1 | 200 OK | 7.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (27669); Hash: f8c2b37c1dc626eede6a2e3e37aa4504 d4e8419497caa64c8a850ac4808dddb89b5eeb3f 728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"65320e6c-6caf"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Fri, 20 Oct 2023 05:21:48 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 43d08821c1e7a5736c34c192988062af
|
|
| etmqz9.rbjgb.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js | 104.250.33.35 | 200 OK | 4.1 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (14855), with no line terminators; Hash: 4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"65320e6c-3a09"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 20 Oct 2023 05:21:48 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: acc7e6b5e0f78b2e3cd6dc957b8d2295
|
|
| etmqz9.rbjgb.com/ftl/commonPage/themes/hb/css/pc.css | 103.198.200.1 | 200 OK | 911 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/hb/css/pc.css IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 1da71520b7a0a61526a8fa8d0feb40d1 ba1bf69dad8783563328054cae58ccabf1b00829 5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-b5d"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: 304734714e9d495d5e505fe7871f8833
|
|
| etmqz9.rbjgb.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1701855930849 | 103.198.200.1 | 200 OK | 5.2 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1701855930849 IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (801); Hash: 30be40425b37bee4158676082cef1f4d b41ed46721936872d5d7eadf303ce22938240d2a f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1701855930849 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"633d510e-7fd7"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 01182242b0f74141a98ec5c82f48b025
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/moment.js | 103.198.200.1 | 200 OK | 27 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/moment.js IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text; Hash: 36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33
GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64b633ca-1cab9"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 7a1e719205e9d93fefccc3911a4a9e40
|
|
| etmqz9.rbjgb.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0 | 103.198.200.1 | 200 OK | 3.1 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0 IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: 5cf9259b7dd27aacd46161ec23d261cf ba0c399616a5ae9cdd8aec5b76ba4aae4822367c 7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"6131d862-48e4"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109311
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 4267afec094b9a0aee6202ac90930d1a
|
|
| etmqz9.rbjgb.com/061410/rcenter/common/static/css/gb.validation.min.css | 104.250.33.35 | 200 OK | 3.8 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/061410/rcenter/common/static/css/gb.validation.min.css IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (2295); Hash: f00ce0554efc5adea6a8e02d5e501cad 388840e376568b37ac0103aa5c87a268778db67a 3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"633d510e-2d52"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: f733b2b689e58524836812e6fbc69f4c
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/plugin/js/countUp.js | 104.250.33.35 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/plugin/js/countUp.js IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
Hash: cc13495ac566c04d5972da9c11a1d870 d9be95a44caff4e4c1d758d0b29236db286ed5b7 ac5b4f611687c11409ae43b2b0e8544bbdd173832cbe7bea873c2bfe3dcafa0a
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/plugin/js/countUp.js HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2076
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"615584f5-1be5"
Date: Tue, 14 Nov 2023 05:17:22 GMT
Last-Modified: Thu, 30 Sep 2021 09:35:49 GMT
Expires: Thu, 14 Dec 2023 05:17:22 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: d14ac648bdc7888262a598cd57f403a6
|
|
| etmqz9.rbjgb.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg | 103.198.200.1 | 200 OK | 6.9 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3\012- data; Hash: 99be4bfe275809d4e436b77c991b1381 54eadee77394eb62ccf377ae68d9f49acb5b6785 4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-1ad7"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109312
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 5c3353a61890d27d874bff0b2ce7553e
|
|
| 8883655.vip/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= | 188.114.96.1 | 200 OK | 7.0 kB |
URL: GET HTTP/3 8883655.vip/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt; Subject 8883655.vip; Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27; Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type: JSON data\012- , ASCII text, with very long lines (1132), with no line terminators; Hash: 1aa440debae1c587a76b915db1c51949 d00bf1c04e273c83d4b477a013e3dffa5d329126 1b95920ab015e8b22d3909c17fe4e5eaf64331a5788e340555e2b185fbcf4452
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=ed8de952ed57247bb4b5c65efa859ad5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:37 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-disposition: inline;filename=f.txt
sub-sys: msite
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-170204835627dc
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kJ1x8eIt70zIC9FpV7GiC0NYX7KBWG6cMnrdvvH0iWukwIFT6%2BaeLyRO%2BYKCppLPmE06ryQLwwA9Rhdn8iNhacJEWVD97o2rCSSJMqENAVwBIpnOsatwatD%2B972nXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f294bb2c56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10007/1691858019159.jpg?wsSecret=8e5136a8b4c4d9f213fe9634cc9ba252&wsTime=1702048363 | 104.250.33.35 | 200 OK | 93 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10007/1691858019159.jpg?wsSecret=8e5136a8b4c4d9f213fe9634cc9ba252&wsTime=1702048363 IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 630x260, components 3\012- data; Hash: c06a6039b2f3561ec5d4f0c69d170671 6865ffb16dc01a6d6bf86bede76b7c2b449fcd4d 272418fb876975275f984b1983457876733c141e7dbb5fc125fb4276b393234e
GET /fserver/files/gb/1513/carousel/10007/1691858019159.jpg?wsSecret=8e5136a8b4c4d9f213fe9634cc9ba252&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 93406
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "64d7b463-16cde"
Date: Tue, 14 Nov 2023 07:01:31 GMT
Last-Modified: Sat, 12 Aug 2023 16:33:39 GMT
Expires: Thu, 14 Dec 2023 07:01:31 GMT
Age: 2103066
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 38c0900f0957a8301e88499c5b5a7f24
|
|
| etmqz9.rbjgb.com/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png | 103.198.200.1 | 200 OK | 1.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data; Hash: a2e938202c0287b9c82461a6fd94dee9 b5e2adc7cb07c18a70a88af314e56b946ec1a1b6 df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://etmqz9.rbjgb.com/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d848f4f-529"
Date: Tue, 14 Nov 2023 07:04:08 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 07:04:08 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 97f6414b16acf411eccb5320519553f2
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/Logo/1/1601467631140.png?wsSecret=d5a266366e1c316b55a07b1124c710b1&wsTime=1702048363 | 103.198.200.1 | 200 OK | 2.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/Logo/1/1601467631140.png?wsSecret=d5a266366e1c316b55a07b1124c710b1&wsTime=1702048363 IP: 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 139 x 29, 8-bit/color RGBA, non-interlaced\012- data; Hash: 52a331a9176f0e79b54a961fabdadb81 f2b3c1eecc85589242ba6cab9e5ff605364f415e 8ddf9b81682f988f038c7b64d1880a2c18f519497e75b569e0bdea65413d55d6
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /fserver/files/gb/1513/Logo/1/1601467631140.png?wsSecret=d5a266366e1c316b55a07b1124c710b1&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2276
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5f746413-8e4"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Wed, 30 Sep 2020 10:55:15 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 90d1c6efebe2d9fb356fea74e6a7a6b3
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10046/1700743940627.jpg?wsSecret=3d502b92ec1e2aaa1bcd590c5a6f527c&wsTime=1702048363 | 104.250.33.35 | 200 OK | 113 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10046/1700743940627.jpg?wsSecret=3d502b92ec1e2aaa1bcd590c5a6f527c&wsTime=1702048363 IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 692x516, components 3\012- data; Size: 113 kB (112572 bytes); Hash: cc285e2bcd4bdfa167f3a89cdfa8c3fd 59e3f2eddcfa5bdcd68f132883b5f6a2cf751226 0a7c20d3c2e426baa9403abbeb5bd2ef0fe3d09b5eb2ba42e9e2cb3863227a4e
GET /fserver/files/gb/1513/carousel/10046/1700743940627.jpg?wsSecret=3d502b92ec1e2aaa1bcd590c5a6f527c&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 112572
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "655f4b04-1b7bc"
Date: Thu, 23 Nov 2023 12:52:50 GMT
Last-Modified: Thu, 23 Nov 2023 12:52:20 GMT
Expires: Sat, 23 Dec 2023 12:52:50 GMT
Age: 1304387
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 192f27263fcd6f6e994ea89a67a1eab9
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo__hot.png?wsSecret=5a88ccdaab110ce310a59ab7b3be66cc&wsTime=1702048363 | 104.250.33.35 | 200 OK | 5.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo__hot.png?wsSecret=5a88ccdaab110ce310a59ab7b3be66cc&wsTime=1702048363 IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, interlaced\012- data; Hash: 715accde73ee91614d615e95f82739f9 1c47e65ab9b1ad7074f9b7dd934a816bd3ef834e 13d1b623d4dd66c17067a7aea27e71fc4510406a946f13c86f99c499b4e7aa62
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/casino/casino_logo__hot.png?wsSecret=5a88ccdaab110ce310a59ab7b3be66cc&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5335
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5ff80d82-14d7"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Fri, 08 Jan 2021 07:45:06 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102906
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 91f6fe76a7c031e74f175f7fc9cc6160
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_mg.png?wsSecret=a3cf12f0162331f968156a149cea3c62&wsTime=1702048363 | 104.250.33.35 | 200 OK | 4.2 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_mg.png?wsSecret=a3cf12f0162331f968156a149cea3c62&wsTime=1702048363 IP: 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data; Hash: af8e634c913f2a0398342b315793de02 886daf11ed8cb8a67313b28f042100c3a87cedd0 ab903e832a7be190aab69d16acfd4f4c3694760a8b215e06ec356541f33d4b27
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/casino/casino_logo_mg.png?wsSecret=a3cf12f0162331f968156a149cea3c62&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4152
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5d848f4f-1038"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 3efc2f9ec76c85257b38f3f4e6338cf9
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_tp.png?wsSecret=df678a2bd108d4e1afb715b6c6a8a6a3&wsTime=1702048363 | 104.250.33.35 | 200 OK | 6.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_tp.png?wsSecret=df678a2bd108d4e1afb715b6c6a8a6a3&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced
Hash: c77f25179cb35f442d78c765405f197e a623a26a74bb807164c7d95e469a8c31be793a5f 7463103945d72f56abb34b0c17c335dde4bd28b73efa82170a6ffba5909e62eb
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_tp.png?wsSecret=df678a2bd108d4e1afb715b6c6a8a6a3&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6682
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5f18304e-1a1a"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Wed, 22 Jul 2020 12:25:50 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: 22b662b0d65caaf8d73ac6a68a51b480
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10049/1701952414745.jpg?wsSecret=a92c0842482845c73a21ea8364f67446&wsTime=1702048363 | 103.198.200.1 | 200 OK | 83 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10049/1701952414745.jpg?wsSecret=a92c0842482845c73a21ea8364f67446&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 680x480, components 3
Hash: 79833aa95bdb9fbbed321efa0475d960 73477b26cc49429a4f3928457dec1076f56a3c39 1bdbe1bb5574afa2da8ac731b7be79be5b28a6cfa1a0470b067dc6cbf115fd17
GET /fserver/files/gb/1513/carousel/10049/1701952414745.jpg?wsSecret=a92c0842482845c73a21ea8364f67446&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 83408
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6571bba0-145d0"
Date: Thu, 07 Dec 2023 12:34:02 GMT
Last-Modified: Thu, 07 Dec 2023 12:33:36 GMT
Expires: Sat, 06 Jan 2024 12:34:02 GMT
Age: 95915
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: b5019cc024f7ac519dad7db4922cf1c6
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10035/1700636520075.jpg?wsSecret=b7c28018c005db7592061b029b5597e8&wsTime=1702048363 | 104.250.33.35 | 200 OK | 176 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10035/1700636520075.jpg?wsSecret=b7c28018c005db7592061b029b5597e8&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 692x516, components 3
Size: 176 kB (176197 bytes)
Hash: 6f4e3e1934e44400d10656625bd4aec9 da0da6ef4b632061b155fa30341755e49e23676b 1ac1edea996c9e8711956ab5fdf4ae0f447b88a8e039fdb86b95f692c942ced6
GET /fserver/files/gb/1513/carousel/10035/1700636520075.jpg?wsSecret=b7c28018c005db7592061b029b5597e8&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 176197
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "655da768-2b045"
Date: Wed, 22 Nov 2023 07:13:59 GMT
Last-Modified: Wed, 22 Nov 2023 07:02:00 GMT
Expires: Fri, 22 Dec 2023 07:13:59 GMT
Age: 1411118
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: 13e2d1aa92d7b1da54fa72d644138e2a
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_vs.png?wsSecret=5545bafbc1697a748c6ed6bff75e97cf&wsTime=1702048363 | 104.250.33.35 | 200 OK | 5.0 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_vs.png?wsSecret=5545bafbc1697a748c6ed6bff75e97cf&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced
Hash: 2402cfcfffe253d89768ba1614847112 b4daa7393b99f7960926992247d1609ea5cd3921 4b28589dba696ca992cde07a46032664b959a925889dcbc6193054bba8fcbf1d
GET /ftl/commonPage/images/casino/casino_logo_vs.png?wsSecret=5545bafbc1697a748c6ed6bff75e97cf&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4950
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "615c060f-1356"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Tue, 05 Oct 2021 08:00:15 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102906
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 4f70199cb8770de968144c2517000640
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/oclock.png?wsSecret=80bac3212d2f0cb8ed6b100e224ce414&wsTime=1702048363 | 104.250.33.35 | 200 OK | 519 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/oclock.png?wsSecret=80bac3212d2f0cb8ed6b100e224ce414&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 15 x 17, 8-bit colormap, non-interlaced
Hash: abf297e51fa41e9771aa7392fa9cba44 f76236aa20e9b0d8032666ff853fa87489049b08 1e082f27f562177c07f18f10e71d37d43ded6c836d16d425272ff33c51c3c798
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/oclock.png?wsSecret=80bac3212d2f0cb8ed6b100e224ce414&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 519
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-207"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: 26b1b0982b6d09bf9ec95640f18b1918
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/hot1.gif?wsSecret=09af9d42b04b2d5b016f57355954198f&wsTime=1702048363 | 103.198.200.1 | 200 OK | 1.2 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/hot1.gif?wsSecret=09af9d42b04b2d5b016f57355954198f&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: GIF image data, version 89a, 14 x 18
Hash: d7ee8c341d86a4bb78532e2d8e721b7e 0e9394a2905d235b6a7215a03f0a5f8534451bef ff425363cf8edbb85d152bcdc36a137596829b6c003ac77a1be531922cd8f055
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/hot1.gif?wsSecret=09af9d42b04b2d5b016f57355954198f&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 1248
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-4e0"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109315
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: bd0673a3496065ad6d1e6981e911a963
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/layout-left.jpg?wsSecret=2d263bf3862e1314204c20941b58aa34&wsTime=1702048363 | 104.250.33.35 | 200 OK | 918 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/layout-left.jpg?wsSecret=2d263bf3862e1314204c20941b58aa34&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 120x796, components 3
Hash: 28b9980238466725db46247eeb3ae314 5490115ce6b25413f142811de784c6460cb7bab2 32c09d293a7029ae5c392f2986a13296809654b4e3816ebc5b9dd7a31a9fb51d
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/layout-left.jpg?wsSecret=2d263bf3862e1314204c20941b58aa34&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 918
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-396"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: e0465be78ae91b4b13999c1e24b418f4
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/member_login.png?wsSecret=374b96a3a6361d272fa60fb859aa202c&wsTime=1702048363 | 103.198.200.1 | 200 OK | 680 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/member_login.png?wsSecret=374b96a3a6361d272fa60fb859aa202c&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 169 x 34, 8-bit colormap, non-interlaced
Hash: dd8380feb68da72f3f8fe960f611ce7c 707651dea23c986d71afe91337a2822d3945b552 f25f16a3e8f11c5e37793ddbaf9351a915d8df2e1c8d39cac01dadd255de9573
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/member_login.png?wsSecret=374b96a3a6361d272fa60fb859aa202c&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 680
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-2a8"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 7a5c6b58cf4d5920130393eedcf450b1
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/input_id.png?wsSecret=0e15b9cef7136900588f60bd0ddbc928&wsTime=1702048363 | 104.250.33.35 | 200 OK | 306 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/input_id.png?wsSecret=0e15b9cef7136900588f60bd0ddbc928&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 11 x 14, 8-bit colormap, non-interlaced
Hash: 8eff7c810e9fe738953f72c30600c49d 76d0ff44cfe59218f5520bb880ca1a8b227185be ce1d697df52ad12d4443c85c7d257ccdfc48803bdc84409ed7732231587f56d0
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/input_id.png?wsSecret=0e15b9cef7136900588f60bd0ddbc928&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 306
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-132"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: 168f4239975569c5a50ed76da98902c8
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10030/1686395314100.png?wsSecret=c5d293c93c6f4c67a9d16ab54713fe8a&wsTime=1702048363 | 103.198.200.1 | 200 OK | 266 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10030/1686395314100.png?wsSecret=c5d293c93c6f4c67a9d16ab54713fe8a&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 692 x 516, 8-bit/color RGB, non-interlaced
Size: 266 kB (266168 bytes)
Hash: a806d7a444b2ef9b8cc89ec7e8e7734f 55868897081e15bcf2c399bc5a775e3007155442 671761066cbac53d7aa37a14455d8a4fd9d20e69ce51fd00d95352091feaff84
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /fserver/files/gb/1513/carousel/10030/1686395314100.png?wsSecret=c5d293c93c6f4c67a9d16ab54713fe8a&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 266168
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "648459b2-40fb8"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 10 Jun 2023 11:08:34 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 770e94ea3aa01a33d77a6b53d45e009a
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/input_pw.png?wsSecret=efe5c3d696702dd3f1f5909f1a4415cd&wsTime=1702048363 | 103.198.200.1 | 200 OK | 295 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/input_pw.png?wsSecret=efe5c3d696702dd3f1f5909f1a4415cd&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 11 x 14, 8-bit colormap, non-interlaced
Hash: 8a10f6dde7ab93278fce03968f25594f 61bc29c3cd2a21ca6ff9dc300cfbe3b7789b7862 6792a1a4f681b2d608c6a3e1964e0d2ef9b3fcf743ce3b8afee4a1c97ea2da7b
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/input_pw.png?wsSecret=efe5c3d696702dd3f1f5909f1a4415cd&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 295
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-127"
Date: Tue, 14 Nov 2023 05:17:24 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 05:17:24 GMT
Age: 2109314
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 1f9760b1be244c8697cd524cf419060b
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10026/1686752442517.png?wsSecret=86decd89c1e4dd423400634c3ab95fe6&wsTime=1702048363 | 103.198.200.1 | 200 OK | 341 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10026/1686752442517.png?wsSecret=86decd89c1e4dd423400634c3ab95fe6&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 692 x 516, 8-bit/color RGB, non-interlaced
Size: 341 kB (340563 bytes)
Hash: f8a72225548e26262f749c395c97d1fa e8910bdaf16e6c1cd5df6fca3d286167f821f96b 93d1d2dae7ebf2d19694b0f20032128435898169a7924bf8d4074918e48acdff
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /fserver/files/gb/1513/carousel/10026/1686752442517.png?wsSecret=86decd89c1e4dd423400634c3ab95fe6&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 340563
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6489ccba-53253"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Wed, 14 Jun 2023 14:20:42 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102906
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 386d8b4a7cac8daaf4f6e48a68b6c04d
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/login_btn_index.png?wsSecret=fc1f6e53df81b8da8f0c413707ca0a3a&wsTime=1702048363 | 104.250.33.35 | 200 OK | 328 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/login_btn_index.png?wsSecret=fc1f6e53df81b8da8f0c413707ca0a3a&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 190 x 66, 8-bit colormap, non-interlaced
Hash: c84badf514a135594e25cbcd6a5e6d4b 6883fd7e93396a9aeb426d2035a724335b5e04c4 5975ef695aff12c818fe0c61c10a3a14b01f38dbfc7d102de8c1d3444befa08e
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/login_btn_index.png?wsSecret=fc1f6e53df81b8da8f0c413707ca0a3a&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 328
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-148"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 65358d7a6d96bf8a9af5cbbba8db011c
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/notice_icon.png?wsSecret=6369e68d6a221fbb92b07c6674862e09&wsTime=1702048363 | 103.198.200.1 | 200 OK | 318 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/notice_icon.png?wsSecret=6369e68d6a221fbb92b07c6674862e09&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 14 x 14, 8-bit colormap, non-interlaced
Hash: e149b3e85d15c14a150036f93b296253 0006db6a1d3cc14a1d6da738d3243674d6110f84 9137d5630ca64621c97786e21e5ff77e75de43a4e0597aa6974e25d59082428e
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/notice_icon.png?wsSecret=6369e68d6a221fbb92b07c6674862e09&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 318
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "613c72a9-13e"
Date: Tue, 14 Nov 2023 05:17:23 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 05:17:23 GMT
Age: 2109315
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 6e8c169a31cbd1eed251e2f0fc60a010
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/slot_list_bg.jpg?wsSecret=3bbf8cc4658ae4657b54b55e7a80e784&wsTime=1702048363 | 104.250.33.35 | 200 OK | 3.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/slot_list_bg.jpg?wsSecret=3bbf8cc4658ae4657b54b55e7a80e784&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 307x260, components 3
Hash: 884ab3a54eaeeee2c944773ac757ebcd 1aded473eecfb23f06fc59d4cc989853d2117489 bb3a93104a804d751e4456abbef235889811b806243edbbbb31a757c070b612a
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/slot_list_bg.jpg?wsSecret=3bbf8cc4658ae4657b54b55e7a80e784&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 3728
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-e90"
Date: Tue, 14 Nov 2023 07:04:08 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:08 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 7a2484be5af87321e5f9659116b70edb
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/slot_more.png?wsSecret=826ad1e86037dcad6fac9845b80fbe33&wsTime=1702048363 | 103.198.200.1 | 200 OK | 740 B |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/slot_more.png?wsSecret=826ad1e86037dcad6fac9845b80fbe33&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate: Issuer Sectigo Limited; Subject *.rbjgb.com; Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3; Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 36 x 38, 8-bit colormap, non-interlaced
Hash: d2020a71d2421b3d25dc61b5d3791fa9 95253209215c094261111d322b008882c5ea44cf c10dc5600856216b21a2a3af99e8a3e9fd7b7a022ed9c0d54c1eb1a8d2eeb201
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Bet365
GET /ftl/bet365-1513/themes/images/slot_more.png?wsSecret=826ad1e86037dcad6fac9845b80fbe33&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 740
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "613c72a9-2e4"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: ff19d812a2c7ba19ada0e7591e538c68
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/jackpot_title.png?wsSecret=17b30743da5798f8d4ab32d2232089f4&wsTime=1702048363 | 104.250.33.35 | 200 OK | 928 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/jackpot_title.png?wsSecret=17b30743da5798f8d4ab32d2232089f4&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 171 x 34, 8-bit colormap, non-interlaced\012- data Hash 6a35d7146f6fb12966be9d95ec7390f0 4e08c3f9269809beff65e607577204e3fa259d22 3892610b331020e0c985693c462ea4c2f1a2a86194fc1a61562725820c7e81cb
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/jackpot_title.png?wsSecret=17b30743da5798f8d4ab32d2232089f4&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 928
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "613c72a9-3a0"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 3aebe32707b97d6267086e5e3405ba91
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/other_links_fish.jpg?wsSecret=e38560c399691049194a9a78bcefc66b&wsTime=1702048363 | 103.198.200.1 | 200 OK | 19 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/other_links_fish.jpg?wsSecret=e38560c399691049194a9a78bcefc66b&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 313x125, components 3\012- data Hash d06d179cfd809dd45cd071fd1aefb40a 343efa5fdbe90c21443d4ab53ca3e1bb579d973f 6c0365335149978f1ab9b2980e13e95dea2538c2e21a54e7ddeb33ca21a1b039
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/other_links_fish.jpg?wsSecret=e38560c399691049194a9a78bcefc66b&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 19222
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "613c72a9-4b16"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: c7c5b313dda96d968722335d3bf24efe
|
|
| 8883655.vip/mobile-api/v5/origin/getFloat.html | 188.114.96.1 | 200 OK | 21 kB |
URL POST HTTP/3 8883655.vip/mobile-api/v5/origin/getFloat.html IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4324), with no line terminators Hash b3edef0cff65ef87c16c3a1a12e447b1 06cca808fb305290a1401b42cf3d590be43ceff4 5961e0baec4d5cb2042801a435ac080b2537b35520af45b33240c0ec392414c8
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://8883655.vip
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=ed8de952ed57247bb4b5c65efa859ad5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:36 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: route=181dd5ae39c7acd81ad5ca039c14a954; Path=/
access-control-allow-origin: https://8883655.vip
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-17020483569972
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1axTk6bg5%2F%2BcXz6E5tJCGagswZ7cf8twEkF6v9fN%2BDBH1y%2FFFIN42OzQLbflc7rXcVs5gNHi3R9zz6%2FS99yH7u16%2FBq7uewIsvxqkck%2F7N9REWpXRb38KaAddiRPGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f2939a0b56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/list_head.png?wsSecret=7c932099fbdf0adca76b4e20cbb25f90&wsTime=1702048363 | 103.198.200.1 | 200 OK | 111 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/list_head.png?wsSecret=7c932099fbdf0adca76b4e20cbb25f90&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 5 x 23, 2-bit colormap, non-interlaced\012- data Hash 21fb21afd6064e87b0f471e81a00469f b706061210181a99108aed97c7e694f08b0e5a29 7eeab9f0c7b8fb99b0973ad8e07b720cc651893ef4400204937f1962b3d5ed17
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/list_head.png?wsSecret=7c932099fbdf0adca76b4e20cbb25f90&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-6f"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 042d17374e9ab2a33331682919b6c745
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img01.png?wsSecret=eecde8331bfa15146ac52260956bb0cf&wsTime=1702048363 | 104.250.33.35 | 200 OK | 873 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img01.png?wsSecret=eecde8331bfa15146ac52260956bb0cf&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 30 x 30, 8-bit colormap, non-interlaced\012- data Hash aae380c627076a477224dc2ccdc60c88 f60cadb09dac7476733f1924aa59853cb98df7ab 7e6d9e46386b12a52b52e4361c17f23e3b3041947155d6a9286b9ec563350273
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/deposit_img01.png?wsSecret=eecde8331bfa15146ac52260956bb0cf&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 873
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-369"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 3fb5c91ab5ffa5cd7dc81af4f96ebd95
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img02.png?wsSecret=7675cf5c6bdd95165e6b78f209ee35a2&wsTime=1702048363 | 103.198.200.1 | 200 OK | 538 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img02.png?wsSecret=7675cf5c6bdd95165e6b78f209ee35a2&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 31 x 30, 8-bit colormap, non-interlaced\012- data Hash 892feea4e5200bad99b81a1d0f08de44 f0ab65687dae79bb8d17acee21af91861382c55d e353da507c7cd437813dae33a058d8b1b7c41aeab30489499abb99b0d542699e
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/deposit_img02.png?wsSecret=7675cf5c6bdd95165e6b78f209ee35a2&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 538
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-21a"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 6aed3b718816b2646b918beb52542c4b
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img03.png?wsSecret=fb0495258737a64e44d384007cc82782&wsTime=1702048363 | 104.250.33.35 | 200 OK | 543 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img03.png?wsSecret=fb0495258737a64e44d384007cc82782&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 35 x 30, 8-bit colormap, non-interlaced\012- data Hash 730071bbc93fe62be758c91e08e477e3 809ece67f2e7ae25f91de7ae082ab63b43068591 e02f4603a6ce557ca57f7aab0a3359d4baeb77abd4f3c9e0b9af59c2dffcccef
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/deposit_img03.png?wsSecret=fb0495258737a64e44d384007cc82782&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 543
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-21f"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 0436e931aac0e06a326598ece8c668d3
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img04.png?wsSecret=038b9c4025d7337485c1c0396b21796f&wsTime=1702048363 | 103.198.200.1 | 200 OK | 1.7 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img04.png?wsSecret=038b9c4025d7337485c1c0396b21796f&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 28 x 33, 8-bit colormap, non-interlaced\012- data Hash 7cc35487e902b5a225eb1c7bafcab384 c93a1544416caff36cf704c2d9361d7acd0b1fc0 3acedbde98f248f7dd0167f15dd644e473a9455b23c3d44056c7b383712fa32b
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/deposit_img04.png?wsSecret=038b9c4025d7337485c1c0396b21796f&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-6a8"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 8f5a2849f725aa714f5e7cf98a4f0f5a
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img05.png?wsSecret=b98ec916c73c3a75b93aa7718c825928&wsTime=1702048363 | 103.198.200.1 | 200 OK | 720 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/deposit_img05.png?wsSecret=b98ec916c73c3a75b93aa7718c825928&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data Hash eafb012d74f2fccb8980ff1f5fe07ef4 81ce3388b2452316c98a04232e85fea66875a4bb cb620d60f10951a0d7adfa808e9591e672c5669c8e2701e39d0120c9474e8c17
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/deposit_img05.png?wsSecret=b98ec916c73c3a75b93aa7718c825928&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 720
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "613c72a9-2d0"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 5430b892911c776231d8d72a1ed8da18
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/index_footer_bg.jpg?wsSecret=400842b767ef84672c97428891e55b8d&wsTime=1702048363 | 103.198.200.1 | 200 OK | 421 B |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/index_footer_bg.jpg?wsSecret=400842b767ef84672c97428891e55b8d&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1x606, components 3\012- data Hash 3b818a8e981df7bd62b44be39b0c4c98 d833407d5ff08e4b5d6503951f01cd2f1c9ed3c1 fca542f60ac7b1d89c6806136f5faca8433dffe65687b921a973de952590f68c
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/index_footer_bg.jpg?wsSecret=400842b767ef84672c97428891e55b8d&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-1a5"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 939309c51574077313b5529e291ea507
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_partner_index.png?wsSecret=f3649d39c5d8e71f179848d0397f8cd8&wsTime=1702048363 | 104.250.33.35 | 200 OK | 12 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_partner_index.png?wsSecret=f3649d39c5d8e71f179848d0397f8cd8&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 861 x 68, 8-bit colormap, non-interlaced\012- data Hash 56c2eec7f48eb3d9671c0be5ae85122e 31673dee121aeefb578b0399c772b98bbea2d33f 59dccedf293c4425ced117b504ddd0d96d7e4460ba90cfe0f7c82173f35c9552
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer_partner_index.png?wsSecret=f3649d39c5d8e71f179848d0397f8cd8&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12448
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-30a0"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: fed9f67f6a5154179ca3b11ba51a7df4
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_service.png?wsSecret=a4f3acfbf09f82c6e4fc8b4982447182&wsTime=1702048363 | 103.198.200.1 | 200 OK | 13 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_service.png?wsSecret=a4f3acfbf09f82c6e4fc8b4982447182&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 193 x 64, 8-bit/color RGBA, non-interlaced\012- data Hash f0f041843a33f8356cb6ad96fb74c2f5 42fd118f67208a2491b5fe3b8a9e30c0ae2e51b4 fbb999a8d57dbee751c035fd30e9c4bbdbb16f440f6886f285d540c33d4381f9
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer_title_service.png?wsSecret=a4f3acfbf09f82c6e4fc8b4982447182&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12679
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-3187"
Date: Tue, 14 Nov 2023 07:04:08 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:08 GMT
Age: 2102911
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: efb67359511ce0ed5d2ff07fe734e7b5
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer-bar.png?wsSecret=767b58cd5dce9a4125c4256030927e04&wsTime=1702048363 | 103.198.200.1 | 200 OK | 3.1 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer-bar.png?wsSecret=767b58cd5dce9a4125c4256030927e04&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 259 x 17, 8-bit/color RGBA, non-interlaced\012- data Hash d2523fd53cda5e60ebc8c997ecc48f82 eb77e52163a77ce43da2488259ca0d9f5be36e6b f6bbf2c57164cb4f4cbf26ab2deef162518af6ca4d803a45ab5e22f9086232b8
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer-bar.png?wsSecret=767b58cd5dce9a4125c4256030927e04&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3083
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-c0b"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 9dd4ebf1ac3343e33b14b7557e53ecd4
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_icon_bank.png?wsSecret=b45dafcdc46fbadcb348cac020de8fb1&wsTime=1702048363 | 104.250.33.35 | 200 OK | 9.9 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_icon_bank.png?wsSecret=b45dafcdc46fbadcb348cac020de8fb1&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 180 x 30, 8-bit/color RGBA, non-interlaced\012- data Hash efbea615018e4733d9c40d6bdb6c799f 6c97e61d83dba5f380bb943ffed709b75786b51c 9a87511ad5d13eff3b7693505f536d6f0f8a71846fe069973ce64983efa72b53
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer_icon_bank.png?wsSecret=b45dafcdc46fbadcb348cac020de8fb1&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-26c3"
Date: Tue, 14 Nov 2023 07:04:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:12 GMT
Age: 2102906
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: e8c7963e72217dc4959496df13d20c2b
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_pro.png?wsSecret=160d6c8ee83c391ecafa718f0e1e6fe9&wsTime=1702048363 | 103.198.200.1 | 200 OK | 12 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_pro.png?wsSecret=160d6c8ee83c391ecafa718f0e1e6fe9&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 193 x 64, 8-bit/color RGBA, non-interlaced\012- data Hash a02f1d45ed4ce0a8a2f9837cfa215843 57bd5aa4347c4fc913c6dce38df9d4d0ed467508 041b0bbe548392af8a849b349d4f68fd88d57481581f9d7c2839d77c2141139b
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer_title_pro.png?wsSecret=160d6c8ee83c391ecafa718f0e1e6fe9&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11890
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-2e72"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 58814ed4438c007ec82902eda22671c9
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_local.png?wsSecret=112ec4f46f409d54652504ee627a82ec&wsTime=1702048363 | 104.250.33.35 | 200 OK | 10 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_title_local.png?wsSecret=112ec4f46f409d54652504ee627a82ec&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 193 x 64, 8-bit/color RGBA, non-interlaced\012- data Hash 34e3bd0d952cf4bb9092e070e348d2cc 650132049dc41e5773763105171871671f3454a8 6647178c379774784e1d97b75ede766542a6bf070b1e53834864aab318daaafa
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/footer_title_local.png?wsSecret=112ec4f46f409d54652504ee627a82ec&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 10488
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-28f8"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 8e410f29eb0acacaa2b1c281c3b8d21a
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_local_img.png?wsSecret=9478b2e2f15d4bbf69a9ee3a48c0aadc&wsTime=1702048363 | 103.198.200.1 | 200 OK | 95 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/footer_local_img.png?wsSecret=9478b2e2f15d4bbf69a9ee3a48c0aadc&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 302 x 131, 8-bit/color RGBA, non-interlaced\012- data
Hash: 7342be391839a9f3577416ecec727997 e8787b6f61f92a5b0104e584c0bb6ef5fef95cd7 2a35483ce4e6048fe99173aaca64ac50c66f27e108d6986183013c689177dcd2
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/themes/images/footer_local_img.png?wsSecret=9478b2e2f15d4bbf69a9ee3a48c0aadc&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 95223
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-173f7"
Date: Tue, 14 Nov 2023 07:04:08 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:08 GMT
Age: 2102911
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: 185f57baf8dd0cb78659a2dec5236ae1
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_prg.png?wsSecret=5cdd38da88bb45ab3c9d90947d90edab&wsTime=1702048363 | 103.198.200.1 | 200 OK | 3.4 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_prg.png?wsSecret=5cdd38da88bb45ab3c9d90947d90edab&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: 713d3249f565ee6cdea22930f286ae6b d4c9e8b133d52da738b2514a18b9895562b93feb 4db2562253749f79c14ce870175325af50e48040e99b31aa5ddb25512b92dafb
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_prg.png?wsSecret=5cdd38da88bb45ab3c9d90947d90edab&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3379
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "636cc24e-d33"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Thu, 10 Nov 2022 09:20:14 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: a988b492efa1bc64af8ab27aef7c7d4e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_ttg.png?wsSecret=ff66ec675bab5fa4fc06868c2b9ddd23&wsTime=1702048363 | 104.250.33.35 | 200 OK | 2.1 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_ttg.png?wsSecret=ff66ec675bab5fa4fc06868c2b9ddd23&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: b224f5c6f0321dba6c0730cfb52c5caa 06fc8641b0f75514db0e2de37f2f8821484b0824 f5af43e1319fd7352f90632ea4541e479a30a664cda3be710869bc54b3c4bb21
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_ttg.png?wsSecret=ff66ec675bab5fa4fc06868c2b9ddd23&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2145
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "619df478-861"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Wed, 24 Nov 2021 08:14:48 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 91c9c0ccc47b21aa24ba4ea37da39db9
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_bg.png?wsSecret=3da5567d7a43e0979502d6b84343b761&wsTime=1702048363 | 104.250.33.35 | 200 OK | 5.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_bg.png?wsSecret=3da5567d7a43e0979502d6b84343b761&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: a2040151bcd2b19d418bd4fcd5ac9d8c 5b4601fb188d8f6eaf6c1fb16f2d0ec9f9d3082e bdd7e20d16f1020eb8333a37e789a166ec8db535318a09804279854caafdd854
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_bg.png?wsSecret=3da5567d7a43e0979502d6b84343b761&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5e4ceeed-165f"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Wed, 19 Feb 2020 08:16:45 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 3dcb7cbbfaaaf110d5bc105cbf58ff2c
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_gg.png?wsSecret=81faeae970d766b6ffcbfc732bdaa0e5&wsTime=1702048363 | 103.198.200.1 | 200 OK | 4.6 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_gg.png?wsSecret=81faeae970d766b6ffcbfc732bdaa0e5&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: 6367cd3c681901e312cb07b638199763 00c3a6f5637892f270fae08dce4b2d52bd3a9ab5 65f8fbc997841ff7e0c55ac7d409bf7769d7bc83e04473c740580c4ebda8b6da
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_gg.png?wsSecret=81faeae970d766b6ffcbfc732bdaa0e5&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4646
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d848f4f-1226"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 0fdc6f749eec24acded417526c9f8297
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_bng.png?wsSecret=207539f609312fb1fc90e247943da548&wsTime=1702048363 | 103.198.200.1 | 200 OK | 4.2 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_bng.png?wsSecret=207539f609312fb1fc90e247943da548&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: 851bc43c07207b0813c18bef2d19e93a b4a338be347c09b5c95145b1e8b387f7b731409b ce35caef3c0d1468ff4446343ab903d56e9bb9e31ff70c75fc568f8cbbc12a61
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_bng.png?wsSecret=207539f609312fb1fc90e247943da548&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4232
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "619df478-1088"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Wed, 24 Nov 2021 08:14:48 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: e7bee91dca212beafad47ef48a2b0748
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_jdb.png?wsSecret=9bc2491180394e9af7cc4f8565a97826&wsTime=1702048363 | 103.198.200.1 | 200 OK | 6.1 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_jdb.png?wsSecret=9bc2491180394e9af7cc4f8565a97826&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: a76ef82febe3f738505be4fbe5f937c9 fd03a2b51bec9d07c359692dc6c3347a163fbc90 3b615683d2d685ff22698be0b84d7ca39d057faa0d614d41c83c51ca06f412f9
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_jdb.png?wsSecret=9bc2491180394e9af7cc4f8565a97826&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6121
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d848f4f-17e9"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 96fd82a533b5c44d9cd2e02cc7f79e57
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_pg.png?wsSecret=38ec0a95ed2696a1eb63b43535e6580e&wsTime=1702048363 | 104.250.33.35 | 200 OK | 4.5 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/commonPage/images/casino/casino_logo_pg.png?wsSecret=38ec0a95ed2696a1eb63b43535e6580e&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 90 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash: a6d5dc01fb05c1594b4463047f0d4ca9 0c2c51e152822d6ff838939bdaac4bc8c9daa6a7 4514baa50c78ce7ba02287adb13f677f79490f3b27eb47434c8174c808112536
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/commonPage/images/casino/casino_logo_pg.png?wsSecret=38ec0a95ed2696a1eb63b43535e6580e&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4502
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6253c645-1196"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Mon, 11 Apr 2022 06:10:13 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: a3fe8422ffa02dc7080a1570f69da7cc
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_cunkuan.png?wsSecret=dfbe84c96c3daf4ff92a9420aff532c4&wsTime=1702048363 | 104.250.33.35 | 200 OK | 4.9 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_cunkuan.png?wsSecret=dfbe84c96c3daf4ff92a9420aff532c4&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: fbc974184b18d827643872da1d2739b3 746e2c9f0a914a235ce40cc05c49f6db9eca3042 e47f831e00225a9098d4476a48e06eddc6868f480fd2983ed9b3a5a695673c08
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_cunkuan.png?wsSecret=dfbe84c96c3daf4ff92a9420aff532c4&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4876
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-130c"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 28171f879774963e3ca35fa16d9abc78
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_qukuan.png?wsSecret=fecec5773ffbf88edf43a610e0a59382&wsTime=1702048363 | 103.198.200.1 | 200 OK | 5.0 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_qukuan.png?wsSecret=fecec5773ffbf88edf43a610e0a59382&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: 8f67f5e64a8f4d60603b0a6e1c38e6ee f9c32ab52c3abeb39d8c5d63dd15bc3ad6d405dc 7b199776ac719337083313728c34ba2b41aa1b022628e74116fd6c0ff5d07bfd
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_qukuan.png?wsSecret=fecec5773ffbf88edf43a610e0a59382&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4991
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-137f"
Date: Tue, 14 Nov 2023 07:04:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:12 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 1cbd0bb1f5d9000bea772c0b2e2b31d3
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_fuwu.png?wsSecret=4b38d358fc5105c08196137ca5c66139&wsTime=1702048363 | 103.198.200.1 | 200 OK | 6.7 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_fuwu.png?wsSecret=4b38d358fc5105c08196137ca5c66139&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: 63c298e01595b32f4f2971eb27f783fe 9adc401ac856b459f1cfb38aed5e3cfd06638370 b9d963160361f311bae0eec8d26862cfeebc48ba2550923850c16a05bf362ff1
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_fuwu.png?wsSecret=4b38d358fc5105c08196137ca5c66139&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6693
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-1a25"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: bea9a613e131940997cb7cca83189571
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_casino.png?wsSecret=bc8bc27df5d8900578f030443b3358be&wsTime=1702048363 | 103.198.200.1 | 200 OK | 4.5 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_casino.png?wsSecret=bc8bc27df5d8900578f030443b3358be&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: a7e7b05569568ecd0b1ead75fb95c09b 04f1c9f182fa92bdd50b077832c94b35ef883e54 d5745f287627927eed249abd81eb1157e35b802e39c7b41c3eb0ebc3c828650d
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_casino.png?wsSecret=bc8bc27df5d8900578f030443b3358be&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4534
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "613c72a9-11b6"
Date: Tue, 14 Nov 2023 07:04:10 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:10 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: e81e8d5fa1d6d3e655ec0ccfebf23f69
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_sport.png?wsSecret=0dd63bf0136743c1d56cb1e2d1440df1&wsTime=1702048363 | 104.250.33.35 | 200 OK | 4.4 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_sport.png?wsSecret=0dd63bf0136743c1d56cb1e2d1440df1&wsTime=1702048363
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: 2cd1ba94626259c8da256ce96f29c1d3 e5df37b38f73118dd9b8a01df3bfa89c2b8ca7b3 da5b51a8701850aa23830fe79ec24cfd3eb1e8bc873aeef301cb9b8a5bfb2c1b
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_sport.png?wsSecret=0dd63bf0136743c1d56cb1e2d1440df1&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-1118"
Date: Tue, 14 Nov 2023 07:04:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:12 GMT
Age: 2102907
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 5caa834001cd4cd8f5c2893ea82e95a1
|
|
| 8883655.vip/favicon.ico | 188.114.96.1 | 404 Not Found | 4.8 kB |
IP: 188.114.96.1:443
Certificate Issuer: Let's Encrypt
Certificate Subject: 8883655.vip
Certificate Fingerprint: AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27
Certificate Validity: Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type: HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash: d0d7e0e5b87fb1277e5d7b9777db33db 905d6532628cf4234070582ec5cd4e991ea9f4bd acfee72de19108403beed0c60e2624ef660a4dbd925f8709e887af56048cba53
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
OpenPhish | phishing | Bet365
GET /favicon.ico HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Fri, 08 Dec 2023 15:12:37 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53K3fMwroM%2Fyf6nrsOU5R1D8IFAv3GwFmqKpUOVgRfIC1NKnMT5Mq6aVhGVJcSSx3R87aAUfdHWV4sd5rkoqMTtmD8KnQFN5jiiUmfpaTWf99hKihTginMm6o7a%2FDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f29a081256c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_help.png?wsSecret=c0d3d4e0d4ca2ad16fd5945e7e83f815&wsTime=1702048363 | 103.198.200.1 | 200 OK | 4.3 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_help.png?wsSecret=c0d3d4e0d4ca2ad16fd5945e7e83f815&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash: 5b44dd263dd1cf25933f2e2190f5170e 8abfc08b3e807ab38b6f21cb7800d358ee7e49aa 31dd526cb7fffa943e6d8f9ea3f64b5570e60a20ed4641030fd83b11be27b62a
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Bet365
GET /ftl/bet365-1513/images/footer_title_help.png?wsSecret=c0d3d4e0d4ca2ad16fd5945e7e83f815&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4254
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a9-109e"
Date: Tue, 14 Nov 2023 07:04:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:12 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 73ddce09916f7ed6730df9313f4e91d8
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045902962.png?wsSecret=4d374d044bfaad67373fab151423d5a6&wsTime=1702048363 | 103.198.200.1 | 200 OK | 15 kB |
URL: GET HTTP/1.1 etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045902962.png?wsSecret=4d374d044bfaad67373fab151423d5a6&wsTime=1702048363
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Certificate Issuer: Sectigo Limited
Certificate Subject: *.rbjgb.com
Certificate Fingerprint: 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3
Certificate Validity: Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type: PNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data
Hash: 86afff64a44545ec2277749f3b94c5cb ec45875ea85f494ec95744e192772c34ebb42e12 772017efdc950b0bfad413c09ca089d1534c5745546529ec6ed566735f42d91e
GET /fserver/files/gb/1513/floatImage/212/1700045902962.png?wsSecret=4d374d044bfaad67373fab151423d5a6&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14613
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6554a44e-3915"
Date: Wed, 15 Nov 2023 10:58:55 GMT
Last-Modified: Wed, 15 Nov 2023 10:58:22 GMT
Expires: Fri, 15 Dec 2023 10:58:55 GMT
Age: 2002425
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: efac041817350b0ae91f064868bb651d
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431477.png?wsSecret=eb58249a7cc0ae3cff8fc1cd935b87b8&wsTime=1702048363 | 103.198.200.1 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431477.png?wsSecret=eb58249a7cc0ae3cff8fc1cd935b87b8&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGBA, non-interlaced\012- data Hash91b0f49ac73bb35808aeee3638d7bbd8 7c2ffcfe6c7f0bf33212a2db72d6bf3be580ba77 9ad9648c8366c2556ffbcb89a0477dc2e9dd1ab04940f306021b083ce65d2aa0
GET /fserver/files/gb/1513/floatImage/212/1700045431477.png?wsSecret=eb58249a7cc0ae3cff8fc1cd935b87b8&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 15762
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6554a277-3d92"
Date: Wed, 15 Nov 2023 10:50:59 GMT
Last-Modified: Wed, 15 Nov 2023 10:50:31 GMT
Expires: Fri, 15 Dec 2023 10:50:59 GMT
Age: 2002900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 144aac0c4a5ce65556b536f42e3deeca
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431751.png?wsSecret=11c437d9ad02c79c2b1d3db83c0c2daf&wsTime=1702048363 | 104.250.33.35 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431751.png?wsSecret=11c437d9ad02c79c2b1d3db83c0c2daf&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data Hash1183212810a77bb943eea500fb0eb596 a778beca4b0a38c852ba9787e7d9bf6ae9957efc 0ecf967d78a75714245836f66430519949658bb4e049b0bb8523b642f58ac197
GET /fserver/files/gb/1513/floatImage/212/1700045431751.png?wsSecret=11c437d9ad02c79c2b1d3db83c0c2daf&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 15528
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6554a277-3ca8"
Date: Wed, 15 Nov 2023 10:50:59 GMT
Last-Modified: Wed, 15 Nov 2023 10:50:31 GMT
Expires: Fri, 15 Dec 2023 10:50:59 GMT
Age: 2002901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 6ba54d5c33eb36ab7279d87cc1f0039c
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431871.png?wsSecret=156219f9c60a195a0ef87843fa3a771e&wsTime=1702048363 | 104.250.33.35 | 200 OK | 14 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045431871.png?wsSecret=156219f9c60a195a0ef87843fa3a771e&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data Hash0ae2c6750996554547fdfc6d1785ffae 2ba04bd895785322f17c863665c7cff308aff6f0 bcb043066424a811dfc5a222f7bc1feb6ed23170af7765d527ef02210a0f113c
GET /fserver/files/gb/1513/floatImage/212/1700045431871.png?wsSecret=156219f9c60a195a0ef87843fa3a771e&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14209
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "6554a277-3781"
Date: Wed, 15 Nov 2023 10:51:01 GMT
Last-Modified: Wed, 15 Nov 2023 10:50:31 GMT
Expires: Fri, 15 Dec 2023 10:51:01 GMT
Age: 2002899
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: bc29b32d1a31d1882cb2c3bcd4c8fb49
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045432002.png?wsSecret=6bc361d839bd10d37b4cae4808b31a88&wsTime=1702048363 | 103.198.200.1 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700045432002.png?wsSecret=6bc361d839bd10d37b4cae4808b31a88&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data Hash488b005d56b3a299e7bb121613a4f57c 9ef29c9bfc3dc1272c12105d409a96dedfd23e9a d1fc31fd79b489efe23f2324549a77d91c4019d62b3b2d896ee7a386b3c17fc8
GET /fserver/files/gb/1513/floatImage/212/1700045432002.png?wsSecret=6bc361d839bd10d37b4cae4808b31a88&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 16233
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6554a278-3f69"
Date: Wed, 15 Nov 2023 10:50:59 GMT
Last-Modified: Wed, 15 Nov 2023 10:50:32 GMT
Expires: Fri, 15 Dec 2023 10:50:59 GMT
Age: 2002900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: eaab5fc91c036e60933b608addad05d5
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700310359500.png?wsSecret=ebbbe7d8756c6f6777a9105608ef7dd6&wsTime=1702048363 | 103.198.200.1 | 200 OK | 14 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700310359500.png?wsSecret=ebbbe7d8756c6f6777a9105608ef7dd6&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data Hashc0b1ecc6c94e70236a450b8cb2f3f00a 3176d9f6cfae15256cdefe041de7e6da08fe024e bda727b0f74dafb9f3120cdf3dd0c8636ebcdb35783fecdd7142bf3235e4f018
GET /fserver/files/gb/1513/floatImage/212/1700310359500.png?wsSecret=ebbbe7d8756c6f6777a9105608ef7dd6&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14195
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6558ad57-3773"
Date: Sat, 18 Nov 2023 12:26:14 GMT
Last-Modified: Sat, 18 Nov 2023 12:25:59 GMT
Expires: Mon, 18 Dec 2023 12:26:14 GMT
Age: 1737986
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 9bc8e3817cd8e50f16f47373fcb4aa0e
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700310359667.png?wsSecret=4a9206afd22ebb69707e375c1a254c89&wsTime=1702048363 | 103.198.200.1 | 200 OK | 17 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/212/1700310359667.png?wsSecret=4a9206afd22ebb69707e375c1a254c89&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGBA, non-interlaced\012- data Hashdd3ecb9566e31de8d286c11145a6fa42 66c29f340f898dc622a64099ac50cf1de3d865dc 164df9c961efd68f9ce03a4da4f4d015f830df141a56d964f343e4468529c6c2
GET /fserver/files/gb/1513/floatImage/212/1700310359667.png?wsSecret=4a9206afd22ebb69707e375c1a254c89&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 16656
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6558ad57-4110"
Date: Sat, 18 Nov 2023 12:26:15 GMT
Last-Modified: Sat, 18 Nov 2023 12:25:59 GMT
Expires: Mon, 18 Dec 2023 12:26:15 GMT
Age: 1737985
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: dd8e5ddb9d42e54cb1824b911f149b1c
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633288.png?wsSecret=a36df98c1c46cc58281a7fb9bdd6b1bd&wsTime=1702048363 | 104.250.33.35 | 200 OK | 47 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633288.png?wsSecret=a36df98c1c46cc58281a7fb9bdd6b1bd&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 240, 8-bit/color RGBA, non-interlaced\012- data Hash405e92fef40788d11c1917240f4d74f0 b3f07b732c92fb8bed654b845f643653281096d6 859af0a3bdcb7c8298f4443cd6cadb7e9e0d916743057644c36194fabe0ad0a1
GET /fserver/files/gb/1513/floatImage/211/1699781633288.png?wsSecret=a36df98c1c46cc58281a7fb9bdd6b1bd&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 47090
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "65509c01-b7f2"
Date: Tue, 14 Nov 2023 07:08:08 GMT
Last-Modified: Sun, 12 Nov 2023 09:33:53 GMT
Expires: Thu, 14 Dec 2023 07:08:08 GMT
Age: 2102672
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 7000f2a37adf19dd3301931336867277
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633460.png?wsSecret=bb84638969330269f1429be6a9d4ee57&wsTime=1702048363 | 104.250.33.35 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633460.png?wsSecret=bb84638969330269f1429be6a9d4ee57&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGB, non-interlaced\012- data Hash4465c18ebd1f5cdb5bc2c50e52023b46 7ed68e60810268fa1b1164272d0a133b700233ca 9733ffead1de54193e2b24c8b5b539113a86da64090b1694b719c57bee7fdb33
GET /fserver/files/gb/1513/floatImage/211/1699781633460.png?wsSecret=bb84638969330269f1429be6a9d4ee57&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 16529
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "65509c01-4091"
Date: Tue, 14 Nov 2023 07:08:07 GMT
Last-Modified: Sun, 12 Nov 2023 09:33:53 GMT
Expires: Thu, 14 Dec 2023 07:08:07 GMT
Age: 2102673
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 48d74e0abafb191c5710dbecc8bd1447
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781643457.png?wsSecret=f9ae844f81bd30ea4b26489e9f58e29b&wsTime=1702048363 | 103.198.200.1 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781643457.png?wsSecret=f9ae844f81bd30ea4b26489e9f58e29b&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGBA, non-interlaced\012- data Hash433ffd36b4692bc29766babaacd95b18 bedb2330a84a86d6c4dd89ba03fe3de9e9756916 f985eb5d3c7f1c67421f6f02c976b16fbbeb2c504d93b9fd46d8e6aacac9903f
GET /fserver/files/gb/1513/floatImage/211/1699781643457.png?wsSecret=f9ae844f81bd30ea4b26489e9f58e29b&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 16136
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "65509c0b-3f08"
Date: Tue, 14 Nov 2023 07:08:08 GMT
Last-Modified: Sun, 12 Nov 2023 09:34:03 GMT
Expires: Thu, 14 Dec 2023 07:08:08 GMT
Age: 2102672
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 9967fb35b73ccdfbb66516396c2a6cb9
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633625.png?wsSecret=1d6c5d00b857e00bc208d2363832934f&wsTime=1702048363 | 103.198.200.1 | 200 OK | 16 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/floatImage/211/1699781633625.png?wsSecret=1d6c5d00b857e00bc208d2363832934f&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 143 x 80, 8-bit/color RGBA, non-interlaced\012- data Hash433ffd36b4692bc29766babaacd95b18 bedb2330a84a86d6c4dd89ba03fe3de9e9756916 f985eb5d3c7f1c67421f6f02c976b16fbbeb2c504d93b9fd46d8e6aacac9903f
GET /fserver/files/gb/1513/floatImage/211/1699781633625.png?wsSecret=1d6c5d00b857e00bc208d2363832934f&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 16136
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "65509c01-3f08"
Date: Tue, 14 Nov 2023 07:08:07 GMT
Last-Modified: Sun, 12 Nov 2023 09:33:53 GMT
Expires: Thu, 14 Dec 2023 07:08:07 GMT
Age: 2102673
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: ef677813cde22920c3fd12bb108d553e
|
|
| etmqz9.rbjgb.com/ftl/commonPage/images/favicon/favicon_1513.png?wsSecret=e99aa7fc9f4b7e4e6f1cc94a8bcd2a77&wsTime=1702048363 | 103.198.200.1 | 200 OK | 487 B |
URL GET HTTP/1.1etmqz9.rbjgb.com/ftl/commonPage/images/favicon/favicon_1513.png?wsSecret=e99aa7fc9f4b7e4e6f1cc94a8bcd2a77&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data Hash781062dc23675b1bce34ae394fb04e88 ae4ce5f36facd039efdb9ca4ba4fcfa5f310b9b4 14cd3b391a10d10314e70f1252e5e90525b280d4a4b5328097c0c0f2d5f28a79
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/commonPage/images/favicon/favicon_1513.png?wsSecret=e99aa7fc9f4b7e4e6f1cc94a8bcd2a77&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 487
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6311d300-1e7"
Date: Tue, 14 Nov 2023 07:06:31 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Thu, 14 Dec 2023 07:06:31 GMT
Age: 2102769
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: d702cd6cbc70923d60546081b27cb942
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10006/1691858042466.jpg?wsSecret=fc97fa474e8716354f31905f015c3710&wsTime=1702048363 | 104.250.33.35 | 200 OK | 85 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10006/1691858042466.jpg?wsSecret=fc97fa474e8716354f31905f015c3710&wsTime=1702048363 IP 104.250.33.35:443
ASN#137280 Kingsoft cloud corporation limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 630x260, components 3\012- data Hash41d7a246380afdbd4161f4f652d3f7cb 2e56aeb5c5b7185b5442bee64ee760e74e835eb4 6b2b10f3285b947e277e56484cd14952b4d2a48e5d79031965a2efefd230b33f
GET /fserver/files/gb/1513/carousel/10006/1691858042466.jpg?wsSecret=fc97fa474e8716354f31905f015c3710&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 85086
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "64d7b47a-14c5e"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 12 Aug 2023 16:34:02 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102908
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 50d920fa3c29eda161c77db3f5b66368
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10005/1691858051640.jpg?wsSecret=507a30bad119509c7ea533a72830ad35&wsTime=1702048363 | 103.198.200.1 | 200 OK | 107 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10005/1691858051640.jpg?wsSecret=507a30bad119509c7ea533a72830ad35&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 630x260, components 3\012- data Size107 kB (107416 bytes) Hashf981cf6e0a16dcb88768e9f6179ccb51 02e2c6bef198eec02a25683e442fc315b2bc5e6d c40d25fe4111e49815c23a7998b6a846dfeee8aeaaf196240e30b640a0f65d31
GET /fserver/files/gb/1513/carousel/10005/1691858051640.jpg?wsSecret=507a30bad119509c7ea533a72830ad35&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 107416
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "64d7b483-1a398"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 12 Aug 2023 16:34:11 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102911
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: d277db16bcc80119f8d2ce68fe91c6c4
|
|
| etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10004/1691858060209.jpg?wsSecret=4f383b6d10deb7c76f5a23208de6160d&wsTime=1702048363 | 103.198.200.1 | 200 OK | 117 kB |
URL GET HTTP/1.1etmqz9.rbjgb.com/fserver/files/gb/1513/carousel/10004/1691858060209.jpg?wsSecret=4f383b6d10deb7c76f5a23208de6160d&wsTime=1702048363 IP 103.198.200.1:443
ASN#138915 Kaopu Cloud HK Limited
CertificateIssuerSectigo Limited Subject*.rbjgb.com Fingerprint53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 ValiditySun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 630x260, components 3\012- data Size117 kB (117070 bytes) Hashad0391655a739624d31e9c642b4d5a70 9a2e04b6b8d3c7743b76bc4a13dd14ff822e0caa 305424648f37af3eb398f19360221542a2939e571230c30004abc67fe24bcaa3
GET /fserver/files/gb/1513/carousel/10004/1691858060209.jpg?wsSecret=4f383b6d10deb7c76f5a23208de6160d&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 117070
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "64d7b48c-1c94e"
Date: Tue, 14 Nov 2023 07:04:13 GMT
Last-Modified: Sat, 12 Aug 2023 16:34:20 GMT
Expires: Thu, 14 Dec 2023 07:04:13 GMT
Age: 2102910
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 815a4d6636f161ab9ca2fd7a3baab6e2
|
|
| | 188.114.96.1 | 200 OK | 352 kB |
URL User Request GET HTTP/2IP 188.114.96.1:443
CertificateIssuerLet's Encrypt Subject8883655.vip FingerprintAF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 ValidityMon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
Size352 kB (351699 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET / HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 08 Dec 2023 15:12:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-html-cache: HIT-3600
x-frame-options: SAMEORIGIN
uuid: -
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lntv34xlD62GViDvvIKEqKiGOmC27%2BPTBrAT24n%2BHDasFFRWTJmtj044THxqe7aH1Qm76%2B1eOqChKWNZZOsxtTh8cYQMO4XubL54m6zYj3Cvf9JOk2DOESt6e3QyyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f27b4d650b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 172.67.197.161 | 301 Moved Permanently | 352 kB |
URL User Request GET HTTP/2IP 172.67.197.161:443
CertificateIssuerGoogle Trust Services LLC Subjectcc04323.com Fingerprint18:F1:EA:23:0C:1F:7A:F4:8A:7C:22:56:53:C2:B6:92:83:C5:28:9C ValiditySat, 18 Nov 2023 00:46:39 GMT - Fri, 16 Feb 2024 00:46:38 GMT
Size352 kB (351699 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET / HTTP/1.1
Host: cc04323.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 08 Dec 2023 15:12:32 GMT
location: https://04320432.vip
cache-control: max-age=3600
expires: Fri, 08 Dec 2023 16:12:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2u6GuY6zdOlk47EojlGbHCCEMcIDh%2FPNPp3chEDcXjC8%2F7iQqvF3TeAWtj7IsRA%2FPyMV1X82Yf5KSEsHz6dDjqaWwptsOmG0gEprBkVV8VypzeGcnEAJGNDE5WoTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8325f27a3ddeb515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 8883655.vip/mobile-api/v5/chess/getActivityMsg.html?function=sign | 188.114.96.1 | 200 OK | 140 B |
URL GET HTTP/38883655.vip/mobile-api/v5/chess/getActivityMsg.html?function=sign IP 188.114.96.1:443
CertificateIssuerLet's Encrypt Subject8883655.vip FingerprintAF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 ValidityMon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File typetroff or preprocessor input, Unicode text, UTF-8 text, with no line terminators Hash8a912a1cb453f1d332c69c6fdd0d3629 8a7da066c09ed0ce711f0524fc7273e814dc89f6 51e780a944436376a888e7053614f95fce8236591338ec92946f937a3650a072
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 | OpenPhish | phishing | Bet365 |
GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:38 GMT
content-type: text/html;charset=utf-8
set-cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048358995a
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Q0%2Bf6vD5qz5fieUCbHk4oUKBFr4HQDF6cTstxZn5KOaz%2FiwnciAhFKDV3Tit41OhVw73Ahr7l3EGly5eFlzoLM%2B7cXfSMG%2Fr3ecoOri1djijX80i2PGqCgC6%2BujkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f29ceb0156c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/captcha/loginTop.html?t=lpwrnfbi | 188.114.96.1 | 200 OK | 1.5 kB |
URL GET HTTP/3 8883655.vip/captcha/loginTop.html?t=lpwrnfbi IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
Hash f5c0f6b0e9d92762b6e46f5659889666 249cdb41c7876141314639f8826f4c05fbd0ae1e a8a0f43e5045ef1e15f14c79fc99fd8610eefcc7a991a7522ae82550221f6b45
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /captcha/loginTop.html?t=lpwrnfbi HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
sub-sys: msite
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048358f799
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BeSVXqK2W6FHckXdvGPJNRVuxQlHJTV%2FutcgXFA1%2BwWMuwqkLFY0GVSHPsUvgUO%2FDk2Uv%2BCpisWrVf5OZzoOEgt041ejcsk5ytOSo5jcf6mIjlUe5euEkisfO0maeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f29cdaf956c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/mobile-api/v5/origin/getThirdParam.html | 188.114.96.1 | 200 OK | 103 B |
URL GET HTTP/3 8883655.vip/mobile-api/v5/origin/getThirdParam.html IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators Hash 696fb49ead30121d5513e1c2b60d42a2 dd34a288bf6b0e4c295c1bb848705f58ba5f245d c030ec18bd43fe0351659670355a8fc897e26b6a34b990e8a4878a51b76a268d
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 | OpenPhish | phishing | Bet365 |
GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=f7c95a7b6b031c620a6304190a7ddf24; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:38 GMT
content-type: text/html;charset=utf-8
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048358abc7
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFYFZCruF0pwMXrgED%2B46pJSe%2FfhZE6apc6JLePCk%2FMeJw9JUS4obAWFK4N0cB9V2eTbjY85lOxIIjr9fTxztxB2QCcBWoB5TlKbpPAXEtyPIt%2FXjCWuLRYxH3eV0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f2a0cedc56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/headerInfo.html?t=lpwrnf2t | 188.114.96.1 | 200 OK | 126 B |
URL GET HTTP/3 8883655.vip/headerInfo.html?t=lpwrnf2t IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type troff or preprocessor input, ASCII text, with no line terminators Hash 8ffdddac94837eda2b81b218081e2252 74d4cb9866abff840b1860b23270a04639efc902 ea85c2e98bf2a604d82365a0d97498ea97ffd844f2612e9a50e53fca6f5b780e
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /headerInfo.html?t=lpwrnf2t HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:37 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-disposition: inline;filename=f.txt
sub-sys: msite
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048357fbce
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJLHcEJxFfSkXOYujhSih6%2BpucwLFZEyzq6xD23od5mPlq9z2XUoJYSE8jEzlw0hIPF2sb5Rg%2BGonyRGx%2Ft2sTmP7rHWCds%2BnFuiA%2B2S3V3Z7u3iZD1Js1eCltz%2FAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f29af8fb56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 188.114.97.1 | 301 Moved Permanently | 352 kB |
URL User Request GET HTTP/2 IP 188.114.97.1:443
Certificate Issuer Google Trust Services LLC Subject rr04321.com Fingerprint 95:60:79:1A:E1:F2:72:22:74:DD:FF:B3:10:7B:FA:C3:BC:34:5F:57 Validity Fri, 20 Oct 2023 19:58:47 GMT - Thu, 18 Jan 2024 19:58:46 GMT
Size 352 kB (351699 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET / HTTP/1.1
Host: www.rr04321.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 08 Dec 2023 15:12:32 GMT
location: https://cc04323.com/
cache-control: max-age=3600
expires: Fri, 08 Dec 2023 16:12:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YR7PVgIZUEkvtDh3UjVpSsSogjVZhrNRhlVyZgE%2FIOGuzN0XNX4hvHhZ6lcxv%2BSLhQskcGdz769qj40cBvL177CCyiBpLNc%2FiGXMncrl2OcqrU5UKEy1iFg6IEqOZ16wHyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8325f27989e50b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 8883655.vip/captcha/loginTop.html?t=jhzptiaj | 188.114.96.1 | 200 OK | 1.5 kB |
URL GET HTTP/3 8883655.vip/captcha/loginTop.html?t=jhzptiaj IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
Hash 2fd5a2dc2f9fb1325d4f4c62d57f831e e9f9c0e8b9a38abe534f6c2d93548383fedd4926 1938d194f8bfc223a95cd547df7e14f0eb927c047405d1950bb241b5f2f5812e
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /captcha/loginTop.html?t=jhzptiaj HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: route=ed8de952ed57247bb4b5c65efa859ad5; Path=/
set-cookie: SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=; Domain=.8883655.vip; Path=/; HttpOnly
tempsid: xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
sub-sys: msite
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048353666a
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiQuJ%2FPHk92HbIrBw9ehb7luafOKUra8Cb7BMOwEBMHblnk2rnhbOheRdpeGtaw3MjenBgKDkbc555B7ksYL6BXcBbe9gPB%2F3P7w64v2%2FYc45AqWo8fy6H55w3Y2EA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f280df5856c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/mobile-api/v5/origin/loginSwitchCheck.html | 188.114.96.1 | 200 OK | 174 B |
URL GET HTTP/3 8883655.vip/mobile-api/v5/origin/loginSwitchCheck.html IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators Hash 384b8edc0425027ea8363c2a3a1ccc8a 8fd8da38388b633453e57836f639a9105eba15c4 37a39fed46764175ca6e8cb7cd92deaebe855c5151b6154d65b5f42d8dc46519
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 | OpenPhish | phishing | Bet365 |
GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:38 GMT
content-type: text/html;charset=utf-8
set-cookie: route=f7c95a7b6b031c620a6304190a7ddf24; Path=/
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-1702048358a96d
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEz9IZFR2m8rRdRA%2FjZrEecRcuJeklWlPIPreIIaLoSnTncST1cG2sOZYDAeDussT3OmCLHG%2FkE4vGsinIgtGXzwYuttiI5GatrKyAHv54ctvahMhaShIz8QQdRAEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f29d1b2d56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/message_zh_CN.js?v=1701855930849 | 188.114.96.1 | 200 OK | 33 kB |
URL GET HTTP/3 8883655.vip/message_zh_CN.js?v=1701855930849 IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /message_zh_CN.js?v=1701855930849 HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:33 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=33266
expires: Sat, 09 Dec 2023 08:35:08 GMT
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
out-line: gb-source-106
uuid: 01513-01-00000000-17020245084766
cf-cache-status: HIT
age: 23845
last-modified: Fri, 08 Dec 2023 08:35:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3lg1THq8Y2bBPiYVMdHMF4FzDANtP8UlKMwEjsW1Jt6Tc61Id8036AIAmuIdiNr6mYHv%2FjoHu4m3nfYPRh7MhZOUSkJVKifLv3nk4UzfGlsrgvktOOLUdlgDRpRL7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f280ef6756c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 188.114.96.1 | 301 Moved Permanently | 352 kB |
URL User Request GET HTTP/2 IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 04320432.vip Fingerprint CD:F1:0A:CB:EC:64:2F:CB:A4:55:9E:F5:02:41:F3:01:A1:E6:C4:1D Validity Sat, 04 Nov 2023 00:02:25 GMT - Fri, 02 Feb 2024 00:02:24 GMT
Size 352 kB (351699 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 04320432.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 08 Dec 2023 15:12:32 GMT
location: https://8883655.vip
cache-control: max-age=3600
expires: Fri, 08 Dec 2023 16:12:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LpJYeuwSoRKFlvjCEyRLZZBAWcTeqE3a1al0vVAhSNvDzz0xKuMrFPiLc8%2B%2BAc%2FiJrEjEikiW7v6Wu3mOrIGzeuxea9iRbU6MmU0sLhG9jG9W8WzR%2FGAudl%2Blo%2Fj0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8325f27adbee0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_live.png?wsSecret=412a96ff9bfd2ff5f39a57ebb76bd1ee&wsTime=1702048363 | 104.250.33.35 | 200 OK | 4.7 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/images/footer_title_live.png?wsSecret=412a96ff9bfd2ff5f39a57ebb76bd1ee&wsTime=1702048363 IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type PNG image data, 133 x 25, 8-bit/color RGBA, non-interlaced\012- data Hash 50131f6464f919d825a3a4e6df880e3b 873858bc4f2468bf96ab561fe7c7846affb0c28e 6c7a853c7aee278b699cc5ecc219a8302f130ba4cfa74e7db189e68cef092bd5
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/images/footer_title_live.png?wsSecret=412a96ff9bfd2ff5f39a57ebb76bd1ee&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4722
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72a9-1272"
Date: Tue, 14 Nov 2023 07:04:11 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:11 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: afdbc0d58de51ca944eb5b33ae2245fc
|
|
| 8883655.vip/index/getUserTimeZoneDate.html?t=lpwrnetc | 188.114.96.1 | 200 OK | 119 B |
URL GET HTTP/3 8883655.vip/index/getUserTimeZoneDate.html?t=lpwrnetc IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type troff or preprocessor input, ASCII text, with no line terminators Hash 6a349953ea69e81291a3804f8b11a578 2e0531ae20a69f040ebf2401f8ddd58650c260c1 b0b76ea2220367e34b472cf8917b792b13a407e95914041871abc468a7fe7adc
Analyzer | Verdict | Alert | OpenPhish | phishing | Bet365 |
GET /index/getUserTimeZoneDate.html?t=lpwrnetc HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:37 GMT
content-type: text/html; charset=utf-8
set-cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; Path=/
content-disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
x-frame-options: SAMEORIGIN
uuid: 01513-01-00000000-17020483579743
out-line: gb-source-106
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlRc5CyDLUuhONm9UnEEcs0ZY83BjX2ayNgwTqCFpjDHztuTZQwe2xGHDBTR%2FajlRqB%2BtkVG%2FtHXFUKPF5tnrGjsGZsjMWWUwSBEhJpSMXcq6oDIZMBKE8IBUAqhSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f298deec56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 8883655.vip/ftl/commonPage/themes/images/hongbao/icon-close-1.png | 188.114.96.1 | 200 OK | 6.1 kB |
URL GET HTTP/3 8883655.vip/ftl/commonPage/themes/images/hongbao/icon-close-1.png IP 188.114.96.1:443
Certificate Issuer Let's Encrypt Subject 8883655.vip Fingerprint AF:1F:39:B8:2B:98:C9:AC:DE:27:3E:3D:CE:9D:79:4D:07:53:E5:27 Validity Mon, 04 Dec 2023 12:59:52 GMT - Sun, 03 Mar 2024 12:59:51 GMT
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data Hash 30eb0e841ea47a1f05854ebca3f9e9c1 0cb9874c32ff8837c1ffaf89cba502ceb3483b2b 382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 | OpenPhish | phishing | Bet365 |
GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: 8883655.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; SID=xH990/2Cv5moFMhb2QMhA06zP1nJ/smSvqxeWGk447CizpWTz3SWBFhASVmgDOaS8QxBsb6RVB2QScC1QoPCMUhBJ5guMMMu5tlpM2ld+aR+/oPhn60=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 08 Dec 2023 15:12:37 GMT
content-type: image/png
content-length: 6087
last-modified: Wed, 11 Aug 2021 06:10:54 GMT
etag: "611369ee-17c7"
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
expires: Fri, 08 Dec 2023 19:56:00 GMT
cache-control: max-age=86400
x-cache: HIT
uuid: -
out-line: gb-source-106
cf-cache-status: HIT
age: 69397
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=00hOf4jjlXVxxFYXnkxEsMDYX2yUbgrDkh3SROtrFvmE%2BATOrdDk14ktB%2FddprBOp3tC9PGxcptp2avpf4TfVcyw7KagcjBsIuaplXYu9%2FjVB4DxknqYomMIriUNvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8325f2989eb956c4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/other_links_chess.jpg?wsSecret=cfac17689defeeecf4212c19e8bf62e0&wsTime=1702048363 | 103.198.200.1 | 200 OK | 20 kB |
URL GET HTTP/1.1 etmqz9.rbjgb.com/ftl/bet365-1513/themes/images/other_links_chess.jpg?wsSecret=cfac17689defeeecf4212c19e8bf62e0&wsTime=1702048363 IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Certificate Issuer Sectigo Limited Subject *.rbjgb.com Fingerprint 53:6A:B9:2A:19:DF:AF:0C:E2:82:93:B2:92:62:38:34:56:3C:DE:C3 Validity Sun, 26 Mar 2023 00:00:00 GMT - Mon, 25 Mar 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 313x125, components 3\012- data Hash b3f1a365e502da9ff5a176396d415771 7c7967837cd4704a21265da90bcc978a1c98eaac 42af959e91e71e0af8d559e88bb0537cdfa8a89e7d593a2d1d179b22691736e7
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Bet365 |
GET /ftl/bet365-1513/themes/images/other_links_chess.jpg?wsSecret=cfac17689defeeecf4212c19e8bf62e0&wsTime=1702048363 HTTP/1.1
Host: etmqz9.rbjgb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://8883655.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 20422
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "613c72a9-4fc6"
Date: Tue, 14 Nov 2023 07:04:09 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 07:04:09 GMT
Age: 2102909
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: dac90858ef0b91b89c2eb3f72e9f361c
|
|