www.vip3659q.com/
154.23.182.108 103 B IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type HTML document, ASCII text
Hash 59e244061cc43f272b92ea72af13afe0
c5f367cf011284b6cf3ef4129a2e669962d9f25d
f747b3ff159699ceb4f5409191ac8a3d181d7f35ba2640b572581bc41e8864d3
Analyzer Verdict Alert OpenPhish phishing Bet365
GET / HTTP/1.1
Host: www.vip3659q.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate
Content-Encoding: gzip
www.vip3659q.com:8989/
154.23.182.108 115 kB IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Size 115 kB (114975 bytes)
Hash b9a8bff072c5df9cf4fb26f47795b698
9560577cfe1c236a938d69e3368d0882d34e4899
000284ddadbf59cbb9361a48a05bcbc1f511c8bad5a3bf162af0295b0e4ccc6c
GET / HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-html-cache: HIT-3600
X-Frame-Options: SAMEORIGIN
uuid: -
out-line: gb-site-097
Content-Encoding: gzip
www.vip3659q.com:8989/message_zh_CN.js?v=1695807924649
154.23.182.108 200 9.8 kB URL GET HTTP/1.1 www.vip3659q.com:8989/message_zh_CN.js?v=1695807924649
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type Unicode text, UTF-8 text, with very long lines (17948)
Hash 16d2b39f43c2e63099526eaa0e1bd5de
b9735cecdbc80252aa2bee9a7c86915d746b31ff
142afe35d294149ef6c9f9ad052a085d9bd4b5e18eba50361b1c1f2d26c38e6c
GET /message_zh_CN.js?v=1695807924649 HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: 00141-02-00000000-1696340276b70e
out-line: gb-site-097
www.vip3659q.com:8989/commonPage/lan/i18n.js?t=1696340275.162
154.23.182.108 814 B URL www.vip3659q.com:8989/commonPage/lan/i18n.js?t=1696340275.162
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type ASCII text, with very long lines (1217)
Hash 3f9a6147e3063deddd2075f45a74efab
51c4305ba0da1accf129f1909f54400d512b403d
4657d963bef0ad9897d9257578c4cca2fd6c4b3409abda640505e50d3802466d
GET /commonPage/lan/i18n.js?t=1696340275.162 HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340276849b
out-line: gb-site-097
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059529ec821c12-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424333,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059529eed956c5-OSL
ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424333,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8105952a1ce356bb-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8105952a2ca31c12-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:56 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8105952a2f1656c5-OSL
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
103.198.200.1 6.3 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Hash 4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64ad1569-7b6e"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 01cfb3559f1cf5c60f17f29f2ba2f8bc
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
103.198.200.1 200 OK 13 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (532)
Hash d85714aa13b8df3bbe47562a0a5b0a82
e1dd836dc82ce5c0e8586bf837a90b2efb55916a
02f1ef82366e3bb0fb19f6e5f967e5c63ea857d53803aedcf6cb8f79ee7d4ac2
GET /ftl/bet365-141-2/themes/style/common.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12593
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"65138f5d-d024"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 27 Sep 2023 02:11:41 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 46390159eb95f1036ced6b178c11ce15
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
103.198.200.1 3.1 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (19512)
Hash f29b1aec530d4ecb1255894948203345
ec15a3a265c1556fae8f9553d371423df9653c50
f476606c821fd23ba0fcae1845e3e45ae39f6040921de2d96698ad7d1e922f3e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3094
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"6153e3b6-4d3d"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 097b6114cb1497df68e1012be8227783
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
103.198.200.1 630 B URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6153e3b6-adc"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: b4a23e1e4effdceca29549b0fbd02ace
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
103.198.200.1 17 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (12023)
Hash abc91330704282873c6755800f5cbf06
8677f67e781c23cadc13d0310eda118ba754339a
f481810dd316265622c2eee91fc349f6ac24367352f74c8fa849ddaf28a5c475
GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 16935
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"650e8aa5-1413b"
Date: Thu, 28 Sep 2023 08:02:47 GMT
Last-Modified: Sat, 23 Sep 2023 06:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:47 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: f1c427dfb554f7f6f67eb06e187c02de
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
103.198.200.1 34 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (32038)
Hash b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-176d4"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: 64bd0826f49e199f2d7a6a0ed8f94a65
3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
103.198.200.1 1.9 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"612747ba-1b2f"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: d47182af2340d05d33ccaf86b195ff60
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
103.198.200.1 4.0 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"60f60fb5-43bc"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 1188c63aa171d0010bd7696a805d97a0
3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
103.198.200.1 2.7 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4
GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64d05f66-2f79"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: a58c2232f2a0dfbedaeb60d736078eb2
3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
103.198.200.1 12 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (32034)
Hash f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27
GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64d5b951-b083"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 84861f0d4ee6a2a4671dcb0a989455b2
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
103.198.200.1 3.3 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6260ddd4-2f13"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 06992529c3ed281c44dddea318fbe74e
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
103.198.200.1 200 OK 797 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6260ddd4-828"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: d9ec162e3127c814eef02203b794ccd7
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
103.198.200.1 5.7 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (336)
Hash 499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64252e4f-d530"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 253e4c762eb05586b057afb6089d64a3
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
103.198.200.1 6.9 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (489)
Hash 858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ddd5e1-c760"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 11ae61e46e8de4e51498eccac36d6b51
3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
103.198.200.1 16 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type HTML document, Unicode text, UTF-8 text, with very long lines (11056)
Hash 4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0
GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"64ddbaed-ee5c"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 8aaf8b9d684edb4d0c60192cf1019568
3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
103.198.200.1 7.6 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (21922)
Hash c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-55f6"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 8a0e69fd424520a6d9b7b9aed50b6864
3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
103.198.200.1 5.0 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (20132), with no line terminators
Hash 5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-4ea4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 20c17381dbd51127d608304dce558910
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
103.198.200.1 1.4 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (4433), with no line terminators
Hash f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-1151"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452107
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 3f748da9ca35496d621a508739623c16
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
103.198.200.1 17 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (64577)
Hash b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-fc8b"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: d844b6d7890d044b2e9137d589544b6f
3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
103.198.200.1 7.7 kB URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (27669)
Hash f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-6caf"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451982
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 5e6d8c5d4727c1c01025e0f62dcbfada
3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
103.198.200.1 4.1 kB URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Hash 4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-3a09"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451982
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 89dc68227b47a8d5e4d0e744b3acb6d8
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
103.198.200.1 200 OK 911 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-b5d"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 03ceb5ff4cb6528311ed418fb3610377
3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649
103.198.200.1 5.2 kB URL 3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (801)
Hash 30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"633d510e-7fd7"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451982
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 8817964990d49130cc793286ac9db8f1
3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
103.198.200.1 27 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text
Hash 36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33
GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"64b633ca-1cab9"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 47ac0b8d406149a9469226f1b0ba41ce
3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
103.198.200.1 3.8 kB URL 3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type Unicode text, UTF-8 text, with very long lines (2295)
Hash f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"633d510e-2d52"
Date: Thu, 28 Sep 2023 08:05:21 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:05:21 GMT
Age: 451956
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 8c05f5cb3472c50a4c769038d5067081
3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
103.198.200.1 3.1 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
Hash 5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6131d862-48e4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: ebecbb09646edc3ab618c7ec7d6ac7f8
3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
103.198.200.1 32 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type ASCII text, with very long lines (65275)
Hash 317fd00903b68a157500b40495e8d74e
29ba73703d5c1d5390551e9fb230a3f1ace1437e
efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 31739
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"614d2b23-1df6f"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: cb4f0e40e39df15128169fa6e6f9e2dd
www.vip3659q.com:8989/mobile-api/v5/origin/getFloat.html
154.23.182.108 2.6 kB URL www.vip3659q.com:8989/mobile-api/v5/origin/getFloat.html
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (6686), with no line terminators
Hash 3a2ea604ecbba7d4dff15307b40b4484
61f300e5028c65c81db6d6b922f83f70cbeb3de8
4caeda93294300606ea1945c785dfe5b49811c2a17a7eef13a9a86d6a337070d
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://www.vip3659q.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=e4e732c52e31521cf093adea5bf44bc6; Path=/
Access-Control-Allow-Origin: https://www.vip3659q.com:8989
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340278660e
out-line: gb-site-097
www.vip3659q.com:8989/ftl/bet365-141-2/themes/images/hot.gif
154.23.182.108 1.3 kB URL www.vip3659q.com:8989/ftl/bet365-141-2/themes/images/hot.gif
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type GIF image data, version 89a, 16 x 21\012- data
Hash 98b6e28b9ec42fb2cfeeb767adf534b0
ec30e424f3b775ad1d9b80e8947a4646ee8c5af9
06011ce85e775ecfeda87eaca9ee6ac75cb9522cefe71448d8b04adc81bd9f67
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/hot.gif HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: image/gif
Content-Length: 1265
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
ETag: "5d2c7603-4f1"
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
103.198.200.1 6.9 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3\012- data
Hash 99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d848f4f-1ad7"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452108
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 0f4509e74936f8f685df4cf21a0fb294
www.vip3659q.com:8989/index/getAppsUrl.html?device=android
154.23.182.108 898 B URL www.vip3659q.com:8989/index/getAppsUrl.html?device=android
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- , ASCII text, with very long lines (1136), with no line terminators
Hash c5b191f2839f9f93ee3fb8882a9977a8
cfc63038b85e7301a5c1fa2adc99afe923136417
e1b098888e1040741b8d17da22b875be76028d77e7e2a99d8388edbd0500f366
GET /index/getAppsUrl.html?device=android HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=f33ee5a1dfc5b32aa468916b583888ca; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340278796f
out-line: gb-site-097
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
154.23.182.108 24 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash d7c26fb9503ab2caf040730495a59f32
06f8414b2709fac132dd2b3071843a86ab745b51
8d437af3cea1d4efc2bf19c763c17c3487f9a76db3a287a975a18f90dffea630
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: image/png
Content-Length: 23806
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cfe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 993bbfdbad1c48f514367407a17d2a77
7d3db06be9d7912432c768fa5b23335264db002c
df044589914265a7b02cca67f876c01d20e5eb0d9e50bdb2e8af8e0994daeab7
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: image/png
Content-Length: 23286
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-5af6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 06b42bc87015b1f21a614c47bd914859
533e764dcc3ae171ac0c8f51a7fbcca10f26072f
dbcc205b41e6eec3484c66381d57bd921175da6e5936ade916c42e8bd1110eb3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: image/png
Content-Length: 20250
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-4f1a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a83dc10b4e607a2685552e62c61e28ba
0f879b68bd5690faa0577ec9335ad219468e2670
3983d86b32d2cba092eea2e69dbdd3e6739824505d27c3ed04c892b28861a6e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:58 GMT
Content-Type: image/png
Content-Length: 22499
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-57e3"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
154.23.182.108 6.1 kB URL www.vip3659q.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 30eb0e841ea47a1f05854ebca3f9e9c1
0cb9874c32ff8837c1ffaf89cba502ceb3483b2b
382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 6087
Connection: keep-alive
Last-Modified: Wed, 11 Aug 2021 06:10:54 GMT
ETag: "611369ee-17c7"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/index/getUserTimeZoneDate.html?t=lnad7ckk
154.23.182.108 119 B URL www.vip3659q.com:8989/index/getUserTimeZoneDate.html?t=lnad7ckk
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash de5be7caddc1810380a0980c1f4e128d
48a66e004216a91e92f0bd9b6b4172e023f30179
3cf44af872237db98b9d47e110a17d5d5909c99ff8d6a22f5bbcbcb194c00c06
GET /index/getUserTimeZoneDate.html?t=lnad7ckk HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340279351a
out-line: gb-site-097
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
154.23.182.108 28 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash b2c524e4d0297da3203c6d45d2f07115
e91bac7336aabae38e8038d2fd931a2f42fe3c84
91c4128aa7b5fa411efae3f85e25b618c0e83958b984a0460dc5e51cb83ccdd1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 27580
Connection: keep-alive
Last-Modified: Tue, 21 Dec 2021 09:55:47 GMT
ETag: "61c1a4a3-6bbc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
154.23.182.108 25 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7b497cfccdf85cf3a934c4d61e80d55a
2ed0898ac3b002f53b99dd5b059509098078295e
210370587be2eff0fbd4e3f29dd8114da568e50ef60f94912bd6b37eb657be72
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 24721
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 02:26:45 GMT
ETag: "62c24fe5-6091"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2fbcb4a692fc6b41699f7e60ecf26a63
da35d134b38413040316f5cf1e5f76d75fd941c7
ccdecdf7de01b3b3513596f7c4555266473805551702685e14299770ae8bed26
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 22679
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5897"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash f5a323409d6eeca58e65b88d3d0bdd15
6b60c6305e3065a1e9641865eb20243526444f17
b895770db7a902a14119dae3f32bb5622b8e0ae8ddb181f5b4e833e6cd535fb2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 19724
Connection: keep-alive
Last-Modified: Mon, 05 Jun 2023 01:35:42 GMT
ETag: "647d3bee-4d0c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 0445397f922bcef3252bedd6877d8668
f4d265e0774ed0dbda4d4548863cd852c48c570f
3069757649a24fe38937eebf84c12b959ec4e58edf10cf2c661cc2ae433a40c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 21792
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5520"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
154.23.182.108 18 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2a8b9275fdec775b8d1ec6e4b0c5df8f
d1d297beee93861fd031fa9e66ddfbe8f7822e28
d2e8ae7ed84c4081f1aa6e15229af593354b571a2097b506a489a0bc1eeea8ec
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 17796
Connection: keep-alive
Last-Modified: Fri, 10 Mar 2023 09:30:12 GMT
ETag: "640af8a4-4584"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 86f136869bc81df2a646e873bd23b46d
c40c25bbe820c39731d1c679653b28e119cbbadc
bfebb7307f1858837e6b61be64e46352b1ccd29bf982e9975886c9feda9f637f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 20462
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:46:55 GMT
ETag: "63dc759f-4fee"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=57915deacf81338a9e7311d249589e01&wsTime=1696340278
103.198.200.1 107 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=57915deacf81338a9e7311d249589e01&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 850 x 214, 8-bit colormap, non-interlaced\012- data
Size 107 kB (106746 bytes)
Hash e575f7f68ace5718a733ce9a735dba27
2a2aff13696be1b051eb7c78e7153db8c1ecaea4
144dfdb1a20d96a0eeef856bcacb63396dce907b5291196a2ea89f3b96543544
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=57915deacf81338a9e7311d249589e01&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 106746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6379d708-1a0fa"
Date: Thu, 28 Sep 2023 08:09:30 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:08 GMT
Expires: Sat, 28 Oct 2023 08:09:30 GMT
Age: 451708
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 66cdeb9afdf2934979e5603ea1791690
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
154.23.182.108 87 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash c851a15f25d8a0c556c7a56b75aebf6f
90dd4c3169383ee12aea9e93ce8fdfb6f3146f51
655efce4a9020abae7117b5e296b181b1ffbd3f9b9dece49f1e547cf6b9396b3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 86675
Connection: keep-alive
Last-Modified: Wed, 06 Oct 2021 05:11:57 GMT
ETag: "615d301d-15293"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/headerInfo.html?t=lnad7cvy
154.23.182.108 118 B URL www.vip3659q.com:8989/headerInfo.html?t=lnad7cvy
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash 8745901b28622b47c5f427b7d056184f
f980da45f40a5fed26f35e7c7fc37bb2718d8d65
5b4b28d20fc75c37634169517ad7c3cc2632044504fb0038d8026d3969a91744
GET /headerInfo.html?t=lnad7cvy HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963402791a2b
out-line: gb-site-097
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 12f4870c1a8e51e39a6c8bfdd11ed804
47eb5ed8af8ae69595b8743e7a61d3fe825cc048
1f6c135cc810d561e52ad5ba9ca5cfda82897c82db0863ab366e62d5970b3883
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 21953
Connection: keep-alive
Last-Modified: Thu, 23 Dec 2021 07:42:29 GMT
ETag: "61c42865-55c1"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash c2bad36f7d90b3d9d5077df183c0a80b
7890000fd16f911c2aa5223af3cddf3ed6c5f702
90b7d091ece32c042a2866eb7d6943d7e88148d3bb474eaff988a78942d6d3aa
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 23172
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5a84"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
154.23.182.108 77 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 249 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash 4efe93bd780474540b29c662acef4d68
2d588f15315c28feef52d101bff05d5a2071929d
e52983bbd04e43f83dccc17ccff1064098ae925ae651f753e59b1530a0e4d733
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 76813
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-12c0d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
154.23.182.108 26 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash f7637fd9fb8b0dd130560efe9dfcc5ac
c6a6b30f73923175a88fb0c5685c7943ef934c2e
a647abf9fc56228cf6ab783115c113b35479dce89ff1dc4db61efb0bf3234cb4
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 25819
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-64db"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash d495fdd61d29ff61ff34fdccc5597d0f
95a2b5b377a239ccf2d5e5cc81534f79dbbbe033
08097b5ebe2de4f6d295aeb64fc72170c766ea81851e9baf96ff4de926fc678b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 19964
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-4dfc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 3c3c588128385827b532946ac86d0a6d
7d84bebb554df6b3c699352d83d640368903ceff
206c91c826cef5d9db409283a0c439a4322211588ecc14b6abb0af9d4573b328
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:59 GMT
Content-Type: image/png
Content-Length: 22623
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-585f"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:59 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
vue.livehelp100service.com/visitorside/js/common.80370cb8.js
143.204.55.116 200 OK 23 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/common.80370cb8.js
IP 143.204.55.116:443
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (62098)
Hash 97304dbfaa07b3fefbc7b8d8049c7585
6591ec921e4e391977d0340f6f4520a3cf5f3e2d
f436d2d7a39d26a2c9e615d69d28facd8826ce128b167497c290e0d0b1ecdc99
GET /visitorside/js/common.80370cb8.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659q.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:20:18 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d3-10474"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: r2cbKm49GLDOvq-U87Qq18-pdhxDP0vVgRoUARShK2Ctp0mFmR5Lmg==
age: 40661
X-Firefox-Spdy: h2
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a33f52ea5bd6275e21267f80791ef78a
8c628b103599834a360c53bbb3fbc9e01c5878c6
bb5a4afcdc59886a05b426337bdc6480c07742c0d06ca7bb3a03f66d904731e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 20322
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-4f62"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
154.23.182.108 25 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 230a3ba266ae64dee8f70d0ff2f3b0e0
e5bd5defc0486a69adf7d8b187c2100e015260a2
c38424550af0abe01c532bcfdb9d3985a006a2f50ebe65da95b5a4afd2495449
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 25030
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 03:01:08 GMT
ETag: "639fd3f4-61c6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
154.23.182.108 200 OK 21 kB URL GET HTTP/1.1 www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 07db342d71e455736e0e8b5656ed7174
2d9bb7427a73a28f4bfec2a70dc227af4555968c
c1a35508763b061947ad0ea9eb9972b92b079c9510a2a746979dbffd84efde0f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 20993
Connection: keep-alive
Last-Modified: Wed, 30 Mar 2022 02:50:04 GMT
ETag: "6243c55c-5201"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
154.23.182.108 174 B URL www.vip3659q.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 1452cebf3e2bb129b06762f43f09e5c8
0ec65f1e79233e8c59f76c55fb89ac8637cfb070
99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 174
Connection: keep-alive
Set-Cookie: route=21c20bedba26b78ebec8dc5df8d96c86; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340280c238
out-line: gb-site-097
www.vip3659q.com:8989/index/getUserTimeZoneDate.html?t=lnad7d9k
154.23.182.108 200 119 B URL GET HTTP/1.1 www.vip3659q.com:8989/index/getUserTimeZoneDate.html?t=lnad7d9k
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 08a1993a05689de70570f3e63ef0b4e6
14f199c8338053f42c24fe9308a45ec178d33548
2da48c5a896b50ca3f0c2c477cf36912a06174e5f0a9c207aea252acac5c2c80
GET /index/getUserTimeZoneDate.html?t=lnad7d9k HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963402802eb5
out-line: gb-site-097
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a678f783e25a467193ee4fa0252d5bf4
ffadbf4388ce2dc312c720e75f9b9d73c05e93cd
1421dad09cedb4c186e8b4ac1cc027955d52a9d268b29144d3d8f0d60d5ed075
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 19766
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4d36"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
154.23.182.108 27 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 6806dc9c36ddfc927f9814ab1f8a021c
fee37bf769af8a26bf58ed70405100bfee39e867
1455e15577781e784863594804797d19c9edb69c6aaa32fe86f9268b9847d6c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 26952
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-6948"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
154.23.182.108 26 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash dc21406f53974241a6ea9d1ba342a0a3
d98181158619aa5993f35dc4821c26ea657c9c35
656f550c68b469776ebe40713d8556d43af391da6cc881918da5f6c983ba823f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 26500
Connection: keep-alive
Last-Modified: Tue, 30 Nov 2021 08:28:44 GMT
ETag: "61a5e0bc-6784"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 8443275571f203acae6b53207ed73b9f
c3d112abe5edbacb300b321b54cdc9c7d4666bbf
c54b7cdaf70e87778fc4d9c645d5c0296184f7f67793a2b777c194599700882c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 22876
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-595c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 548f74b6fbacfdafac2d13982ea01f5b
62056e33bd99fdb7a26ed1eb6e0d34baae75ab4b
8d23af5f64406af80c5f00bbe2806c0a696eee1b9fa144135a679cf7d15c27a9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 21502
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-53fe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/mobile-api/v5/origin/getThirdParam.html
154.23.182.108 103 B URL www.vip3659q.com:8989/mobile-api/v5/origin/getThirdParam.html
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 9ac55fe189e4f53f37156e563e0f542e
18b13b1360ce9fbd973e046d2652be38d58a15e0
d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=21c20bedba26b78ebec8dc5df8d96c86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 103
Connection: keep-alive
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340280969f
out-line: gb-site-097
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 18fc529cc0b071eee9ab764c7b3cebf2
e79958322824752ee3be995515d242f3a65dbd15
7dc7c033a2391b021f70e5576b15806c1e3e73b2bf5a0beda751bbdff7513b7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 21622
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5476"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=a2c93fabbf3fcc0522fb2223e29ee1e9&wsTime=1696340278
103.198.200.1 12 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=a2c93fabbf3fcc0522fb2223e29ee1e9&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 271x81, components 3\012- data
Hash 62f912bb32aecad4ab710243a04a4ba9
f8a22eaaf6dc17329932db9c19484907332ea800
ecc11913678af89246c957fae2eaf6cbb07316f7ad24bdcc3e2b115293e46f60
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-casino.jpg?wsSecret=a2c93fabbf3fcc0522fb2223e29ee1e9&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11660
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c7603-2d8c"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: cf0b28447527005f4bf415b89f7472ca
www.vip3659q.com:8989/game-api/v5/content/sportRecommended.html?t=lnad7dlc
154.23.182.108 200 755 B URL GET HTTP/1.1 www.vip3659q.com:8989/game-api/v5/content/sportRecommended.html?t=lnad7dlc
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2759), with no line terminators
Hash 1a8ea2eba6062801d6e96d38028ddb48
db6ac927d3a44bc3c1309a3358f095cc7b0be514
31413276ebe4e6cfee64debf63b81ec30787f7457382a6324b1c1eefd7073b2f
GET /game-api/v5/content/sportRecommended.html?t=lnad7dlc HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=21c20bedba26b78ebec8dc5df8d96c86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=290ce78404a5215f66d3621e56fad2b8; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340280c9fc
out-line: gb-site-097
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=c55555e27d9d86ae45366e1b9825374a&wsTime=1696340278
103.198.200.1 7.9 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=c55555e27d9d86ae45366e1b9825374a&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3\012- data
Hash 90dfcd159d726929aa2e8140ac0a43cd
dae58fb59b64ca2922198f64c87762d10dbd161a
cd548d38e7e22e8597da17809e9dd1ee020cfe72288ac55fdb14c9b4130d9e92
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=c55555e27d9d86ae45366e1b9825374a&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7926
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d2c7603-1ef6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: cb36aa8c3f4ce8303d42d63f42a33991
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
103.198.200.1 1.3 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-529"
Date: Thu, 28 Sep 2023 08:06:23 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:06:23 GMT
Age: 451896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: 4a9c4334cc33772ac63577a6caab793c
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 37070ea9397e4c9bfa4c6fa5e499de59
fd2237d48600d3a6acba5c8982c1d594962418d4
f3d50d3f597d6a23e42d069971e80a14851d7c996bbce674ed591c6e87b64bda
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 20172
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4ecc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=bdbd05876f64b201aac0888c9691a429&wsTime=1696340278
103.198.200.1 200 OK 12 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=bdbd05876f64b201aac0888c9691a429&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 271x81, components 3\012- data
Hash 6274335f5e37fb7e3aa19dba05a07ef3
d54c0b0cccf2158aee56d7f1f465d5bb907edf06
39d9bd9e19956bb52c4c880dc6987383c34dc0873aadaa6b3763e3421e06def7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-game.jpg?wsSecret=bdbd05876f64b201aac0888c9691a429&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11478
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d2c7603-2cd6"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452110
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: d846f232e6e267fbc0c655cbaa01c85d
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
154.23.182.108 26 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 1ac91d4dfd52f26f9c5682cf67ac3f49
6ca58050b81ce1be80d3b0c749b60a79d8413b98
021c28d7d369afa39f3aeac128f91dd3f377fc910a35d76a2e9d2463093e3b44
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 26179
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:55:46 GMT
ETag: "62665402-6643"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7facd57d474585a0c9e3b2b6d4762969
814362f72beba19c7dfb93b8d2bc760f87a2a00e
3bf01b8e569dbd7060d7dcb2222e7e3ebc9e42f715535df2315c877fed9046bd
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 20484
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5004"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2ae6a25328f92bbd4f06bf83f0d64a34
a182c94addc49f545829566f4f87e7cdf5a2b16a
92d81aa551c89d28170300c1d6ae6e5795e33ac101988de54570fae720fa15c9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 23076
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 01:55:35 GMT
ETag: "64619117-5a24"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 45d0f5934f7f664e4fb397fbe69c0bec
72a5c4e823954ec0111709b6aec71c1f0b08fe43
3e9fedb5bbb6caac2dfc16278ba5d0c26483aa3efb5508374eeec9de7b9f9cd4
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 20254
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4f1e"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
154.23.182.108 96 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash 852c361c9460f489e179f3d34edab1dd
c981b28bbab1500869ff9aa937c3f17e67262ad8
97538b6351173a03757ff751ee08d62cf615b8e01725bc60ec299a2b54a6859b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 95973
Connection: keep-alive
Last-Modified: Mon, 20 Jun 2022 03:50:04 GMT
ETag: "62afee6c-176e5"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
154.23.182.108 200 OK 21 kB URL GET HTTP/1.1 www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash d73cf218f18362d0a89cb36a4a3303ff
57bf03bb562ca33343b19db1fe5e872335cc1cb2
691d5caeb173c0c0817111fea711d2685d1e0e4e7e19f6aa7282fc525193f40c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 21363
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 05:28:08 GMT
ETag: "6205f3e8-5373"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
154.23.182.108 105 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 105 kB (105068 bytes)
Hash c421c976cf701cd806a7ebeb8575e0a3
cb84123cde62bcad60f34b5a5703f7bfafca1906
e797e57325c453e7ca7e56e634ada214b51ab9298ba5aea4d183fea859857d60
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 105068
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-19a6c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/de26.png
154.23.182.108 13 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/de26.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 7273ff05ae6c6d5db14481285d7cb1ab
9ae6fa365a825510b87aba8ccc3b3602717adcbe
27c7d0d420d1e700862dc781ab2da7a09cf4adf9f920894333969221683bb357
GET /fserver/files/sportTeam/football/de26.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 13375
Connection: keep-alive
Last-Modified: Wed, 24 Jul 2019 08:37:10 GMT
Vary: Accept-Encoding
ETag: "5d3818b6-343f"
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/pt03.png
154.23.182.108 200 OK 7.0 kB URL GET HTTP/1.1 www.vip3659q.com:8989/fserver/files/sportTeam/football/pt03.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 43f500c22dc35cdc7584ff070476a37f
7fffd6464cc1b90efa0dd96e2cbb19d9fd4f8c58
44697b36473e1eebef6bf419d50f4d937676932d6d2a2cc3b65919661adf8a82
GET /fserver/files/sportTeam/football/pt03.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 6961
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-1b31"
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/en07.png
154.23.182.108 5.9 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/en07.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 991514091de72a099ae947c7e0bd2c9d
446770ed35c0570b9cac57d5728cc33ba55f6046
393e067c36af1ce4084aa6d758c20f57db38ed68c9ffee331899cf9a1c5b703f
GET /fserver/files/sportTeam/football/en07.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 5916
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 05:42:00 GMT
Vary: Accept-Encoding
ETag: "5bebb5a8-171c"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png
154.23.182.108 9.9 kB URL www.vip3659q.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash bde2ef956bc333150f06f11a82e09aad
6a45da232d31fcb04c53ea9a57221c08fd176d08
c7bfe52050bcafc68a7b080e141cf5826761b67bc40fb89825b645eff5e8b3df
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/0/siteGameNavigation/0/1663921259266.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 9903
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 08:20:59 GMT
Vary: Accept-Encoding
ETag: "632d6c6b-26af"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/tr02.png
154.23.182.108 14 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/tr02.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4cbe63f38066cee6b0e8b16257f7c96b
73682979e803d37cdf73951116065d7c4e9d8fa6
4a0ca58eab43500034c98e96aac47f1733fe688580dabdf06f4919385534abf0
GET /fserver/files/sportTeam/football/tr02.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 14282
Connection: keep-alive
Last-Modified: Fri, 16 Nov 2018 11:58:10 GMT
Vary: Accept-Encoding
ETag: "5beeb0d2-37ca"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/fr27.png
154.23.182.108 5.3 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/fr27.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 8ebade574cca1f25cfe97bfc609e552d
49cd04b18560d6224a6fe1752294673d30140136
3894228ba3704c8980366724fb4e140d256ed9429ee1b83d4741dfef13a39492
GET /fserver/files/sportTeam/football/fr27.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 5291
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 04:11:32 GMT
Vary: Accept-Encoding
ETag: "5beba074-14ab"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/en06.png
154.23.182.108 8.3 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/en06.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 8c597c02135fc6dd1fcd25fbb155bf64
1766765d593b2cfbd199e178d95a4257a6d23fd5
4307d34ec5c483ad4cb5e09b33691f5725a301a68eea661243ce89110587646c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en06.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 8266
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 03:28:40 GMT
Vary: Accept-Encoding
ETag: "5beb9668-204a"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
ocsp.r2m01.amazontrust.com/
108.156.15.108 471 B URL ocsp.r2m01.amazontrust.com/
IP 108.156.15.108:0
Hash eed471c91a532b4ec94cec539985a73c
eeff32f763201ff0586026afb07618bcc791eae3
92c2092ea534a94a9f558862dca11c1bd1c94ed5410e591176134680510f2dcd
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 03 Oct 2023 13:38:01 GMT
Server: ECAcc (amb/6B09)
X-Cache: Miss from cloudfront
Via: 1.1 2e0b0e777d576ee595b61a5d3b296990.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HEL51-P1
X-Amz-Cf-Id: cPThyIhMkrpBPjV4Z-N3H2Nk40ov_YT7mw-62zf_E49udTCa0vdaxQ==
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=2f494ebb76707efbc85b25c542ef68af&wsTime=1696340278
103.198.200.1 122 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=2f494ebb76707efbc85b25c542ef68af&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 694 x 500, 8-bit colormap, non-interlaced\012- data
Size 122 kB (121611 bytes)
Hash 9b4d417046a78dcf8e12a51376905624
162c19341237baf7d2107461a954e4451321b55f
0bd1ed2e44971103548fd5ba76ecd6a8b8903b011e5715e869989be81e613341
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=2f494ebb76707efbc85b25c542ef68af&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 121611
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6379d70d-1db0b"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:13 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451707
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 830129648cffb78c3fe6732166090204
www.vip3659q.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png
154.23.182.108 85 kB URL www.vip3659q.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 256 x 260, 8-bit/color RGB, non-interlaced\012- data
Hash 7eaced594befc61e2ddbbbc55b771cf0
9e1a5ad65af14be29cb96508c18c28c64c829809
fb1e0d4a9f5f6723173afe5f99d94a8b45b07472f2d17ee2c8d7a4cef639713d
GET /fserver/files/gb/1272/sportTeam/1/1620130580209.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:00 GMT
Content-Type: image/png
Content-Length: 84999
Connection: keep-alive
Last-Modified: Tue, 04 May 2021 12:16:20 GMT
Vary: Accept-Encoding
ETag: "60913b14-14c07"
Expires: Wed, 04 Oct 2023 13:38:00 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/it04.png
154.23.182.108 200 OK 7.1 kB URL GET HTTP/1.1 www.vip3659q.com:8989/fserver/files/sportTeam/football/it04.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash bebb28464026e982f3247044bc244cda
6850144ff65e2a30807efe71e0c0abffd9d18224
e2d458bab2e5d027c190a9d710e4d74d717435fe731c44fc4aa2e50b95f2e388
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/it04.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 7140
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 08:56:28 GMT
Vary: Accept-Encoding
ETag: "5bed34bc-1be4"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/fserver/files/sportTeam/football/pt04.png
154.23.182.108 8.4 kB URL www.vip3659q.com:8989/fserver/files/sportTeam/football/pt04.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash d2832f699ffdb194deca17f797598a02
17f4672c28448e39ffddc28f8d0cf4b6fa2c1d85
6c7d81e599fbfdad66a39133aa5c4380bd011522143698f46667ce1f4f7b79eb
GET /fserver/files/sportTeam/football/pt04.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Cookie: sticket=UYzFPVGd0Tkdaall5; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 8366
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-20ae"
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
154.23.182.108 21 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a03861df13ee208fcb22c604bc412484
9d5925012e3eb16bb86bbe0b0febd3941847172d
a9a4c50c7e2f04fcfdf467f4b3a6697a2a359c84000b8e38c1b5e3ab3115ab8d
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 21009
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5211"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=84baaefe01991f966e3a6dd350187f20&wsTime=1696340278
103.198.200.1 396 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=84baaefe01991f966e3a6dd350187f20&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size 396 kB (395791 bytes)
Hash 3b5db1903355f4bf7f91129ceae9d1be
06e7ee5a32d3824415680395548f5265e2e9efe9
ad7d8e59e738426389ed5023b09a1fb1960dafb371a03e9ea06b6120327e403d
GET /fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=84baaefe01991f966e3a6dd350187f20&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 395791
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6506a193-60a0f"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 17 Sep 2023 06:49:55 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451707
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: cdf820785ce4c6e020aacdfe0f871c7a
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 20cd47483388f1e46ed9c2304f2c60ea
1c09b695620a64ae94ba7807a41e95733c6211f9
8f091a2a4dd3a918c15d7692aeb343f3d8e8d673541411e74256a48865735448
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 23021
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-59ed"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2acb631ee46633c2bb57645aa0062b24
7ebc60e9519805119574b600d0400278fb02ea7f
c026010b4e9ba86b7dd1670e242e42a1e4fec0547b7fecc3b37feddd0c21d46b
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 21850
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-555a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
vue.livehelp100service.com/livechat.ashx?siteId=65000584
143.204.55.116 219 kB URL vue.livehelp100service.com/livechat.ashx?siteId=65000584
IP 143.204.55.116:0
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 219 kB (218625 bytes)
Hash 89b930a72cbe51a383190a6b429a6903
41d30cebd5359db54ca400b320820db4666ff28d
05fc97fa18edac920dc73cef5d75a3b075bc01fac7b28eb4887977ef62ab993c
GET /livechat.ashx?siteId=65000584 HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
date: Tue, 03 Oct 2023 02:30:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: w0oFQXqCep45eYc_0r3td1berO4c2UO7bCMc8PJVz_nr2-k01zQxyQ==
age: 40032
X-Firefox-Spdy: h2
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=0449b3e17628450b0ba214a92da39610&wsTime=1696340278
103.198.200.1 200 OK 758 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=0449b3e17628450b0ba214a92da39610&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 500\012- data
Hash 41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=0449b3e17628450b0ba214a92da39610&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-2f6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452110
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: f7e734b31b6f32d515eb876a972e30ea
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
154.23.182.108 200 OK 24 kB URL GET HTTP/1.1 www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 19e16d0cf5c005f3fd798e8f0131db7d
ebb9c520f4047172662991c689a2e07015680dcd
57c3d3bf827de223898f46813f9bd0fd2296cc21a61f3f77d03ba6cee265c78d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 23771
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cdb"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7769f6a35df5811fbe7fa97b2aea9a1c
2875a7cfef0a8a296374aba27f95a8a8d79b8acf
855a9b3bb8c24ca1ed6cbf42331ff6a243e03b1452d8c2d371df11d861f8712b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 20434
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4fd2"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=4b00d284f574243f7e0cbee757121ba1&wsTime=1696340278
103.198.200.1 279 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=4b00d284f574243f7e0cbee757121ba1&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 1384 x 961, 8-bit colormap, non-interlaced\012- data
Size 279 kB (278659 bytes)
Hash a494db53e3ad3d19a85e330e33b6a182
315a19514103494c6cf60a8d91545e1944206047
1c32a585655c4d7d56b66a7e578c240d7a0d3808b16bc15a2f30b97ce02aa275
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=4b00d284f574243f7e0cbee757121ba1&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 278659
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6df-44083"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:27 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451708
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 3b39f869034dcc073670c3c7d8dba400
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
154.23.182.108 22 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash feaff8384a2780bf50a660b657928245
eb492cee9a7d13b8114aa1c75c6db75742d7ef4a
ec33d957ba07daa21a098bc096b1c643ae64420e1924f0691b6b75fd4e8707f2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 21877
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5575"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
154.23.182.108 23 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 14f7dbafc1472fa05db8eb17ae826f30
991915b5ae07c7a47e93dce0c6c82d0d0b690993
7287fcb933e5bf3eba0d13e7312cf5ba90f94c0593310090fdc521f866b0b134
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 23355
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5b3b"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=90add608ab96869bafa911cc589e0451&wsTime=1696340278
103.198.200.1 200 OK 328 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=90add608ab96869bafa911cc589e0451&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced\012- data
Size 328 kB (328303 bytes)
Hash 535172ad3a435afe80c33ed17cc592f9
7d8bc3efa5a46e12b54ee07d0428c5e3d0662fc4
f7b20469f299a0722ccc52bbecdba656f73435b4c827add798de38797a2c266e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=90add608ab96869bafa911cc589e0451&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 328303
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6d4-5026f"
Date: Thu, 28 Sep 2023 08:09:42 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:16 GMT
Expires: Sat, 28 Oct 2023 08:09:42 GMT
Age: 451697
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: ef114c5e109c7029313a67f0d126c40f
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=64db93d3019fdd20406aa60b83725da8&wsTime=1696340278
103.198.200.1 386 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=64db93d3019fdd20406aa60b83725da8&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size 386 kB (386527 bytes)
Hash 81a5f65507df89f605fbf600872099fe
791d238960719ed5e3dd17b592c868d029dbc7a4
656130b23da3fb9ce75eee3708b6f22f7c160f1640f7e858ffa64bc054856519
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=64db93d3019fdd20406aa60b83725da8&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 386527
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "640bfe27-5e5df"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sat, 11 Mar 2023 04:05:59 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451707
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 14d4f7e1bfd6220354bfbb99d8bea45a
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
154.23.182.108 107 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 107 kB (107367 bytes)
Hash f391a00c7ca4a801c7c46431f6949f3e
392e698fcd6b15c2397eb576de33134e7abae702
1ffd1f9416cc641e5c5659de5a2f1530bbe7ddeeb71c91af2db8129c6624f64f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 107367
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-1a367"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=7ba3b93f643e9fdd06f08d9dd2d557b1&wsTime=1696340278
103.198.200.1 200 OK 70 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=7ba3b93f643e9fdd06f08d9dd2d557b1&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 750 x 190, 8-bit colormap, non-interlaced\012- data
Hash 3cec45bced128357804406f23fdb94d1
2e300c18f2c721f4d8580098b46829ef2be4ce1e
36d46701f11f890e85341c03a1381dd46dce7c1be4c2582ebfa67b0e39101d15
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=7ba3b93f643e9fdd06f08d9dd2d557b1&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 70362
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "62e39fac-112da"
Date: Thu, 28 Sep 2023 08:09:45 GMT
Last-Modified: Fri, 29 Jul 2022 08:51:56 GMT
Expires: Sat, 28 Oct 2023 08:09:45 GMT
Age: 451696
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 5c092c18377fd5a52198f1d7e681ab82
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=33dd161dcf990e26393eb79355386905&wsTime=1696340278
103.198.200.1 369 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=33dd161dcf990e26393eb79355386905&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size 369 kB (368702 bytes)
Hash de11f3b1d817b150ad03f39aaedd0017
3b6dcfd2d2d5fa19397144ef3c8e1734b1635542
10ff505bcab9d3bc20bbe02032a4b5bb474368cc164c60cbc9f3f59701503a6e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=33dd161dcf990e26393eb79355386905&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 368702
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6493e0aa-5a03e"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Thu, 22 Jun 2023 05:48:26 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451696
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: ba9291452d4fa12b9be084d42ccb8101
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=e70b1e6b42afd47e85bd4789c8e8f67c&wsTime=1696340278
103.198.200.1 376 B URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=e70b1e6b42afd47e85bd4789c8e8f67c&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type GIF image data, version 89a, 1 x 594\012- data
Hash 355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=e70b1e6b42afd47e85bd4789c8e8f67c&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5d2c7603-178"
Date: Thu, 28 Sep 2023 08:02:51 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:51 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 2a0006026c39f9c96b9f4cb89d588441
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=f5d361d36ad292442f5b89364e561a46&wsTime=1696340278
103.198.200.1 7.7 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=f5d361d36ad292442f5b89364e561a46&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x72, components 3\012- data
Hash 4e7da730a5cbfe4a7ce573ddcea0e60a
ac31a27a6d71a7a297905c195a6434f043f7f0a7
fe5506589506db3c8dad8b544636c2794a764f28a9ab79215714d5cfe2d866c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=f5d361d36ad292442f5b89364e561a46&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-1e2f"
Date: Thu, 28 Sep 2023 08:02:51 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:51 GMT
Age: 452109
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: bf1dd80d863ee99a57041be0d780f91b
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
154.23.182.108 102 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102160 bytes)
Hash 18b9c1ca12b579e3be9de7f0b3d765b7
cabb9ddce1222608668401769754241d2667ac59
81b7527eda1e9db86dc9704173b4e9aa50932eb8c80ea08b23d969899bca9656
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: image/png
Content-Length: 102160
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-18f10"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:01 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
154.23.182.108 150 B URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
154.23.182.108 150 B URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:38:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=6d18a015b668d6873ad8316da6f90bb7&wsTime=1696340278
103.198.200.1 200 OK 484 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=6d18a015b668d6873ad8316da6f90bb7&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 170 x 28, 8-bit colormap, non-interlaced\012- data
Hash b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/btn.png?wsSecret=6d18a015b668d6873ad8316da6f90bb7&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a8-1e4"
Date: Thu, 28 Sep 2023 08:02:51 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:51 GMT
Age: 452110
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 496b49e506c228ef6182b937fb2d5635
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=d8286bccf694e6ba808357102fc02387&wsTime=1696340278
103.198.200.1 4.3 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=d8286bccf694e6ba808357102fc02387&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced\012- data
Hash 69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=d8286bccf694e6ba808357102fc02387&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-10d7"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452111
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-19
X-Cdn-Request-ID: db0fd9408d661edc43750706195dead8
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
154.23.182.108 20 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 82c905f14c36be0d2fa670516edded31
437546d720284de3982ff79df6a946b81e923371
f3cdfd33e75d6f3877e1e0da0491c2b2a65c66f95d434c6b08950b0b5d5b9cc6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:02 GMT
Content-Type: image/png
Content-Length: 19597
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:26 GMT
ETag: "613c72be-4c8d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:02 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
154.23.182.108 26 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 51de7c3b3b21d10f38a0c30ac5e4fd24
106f9a993385ff522dad2b37dbdb3c58f035ac20
9240329d37bd41d53a4f2864a255b9f9aef025474f2965130ed5668f10ee311e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:02 GMT
Content-Type: image/png
Content-Length: 25785
Connection: keep-alive
Last-Modified: Fri, 07 Apr 2023 02:35:05 GMT
ETag: "642f8159-64b9"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:02 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=a9d2f519bb8cdf34861adb119ae02bd0&wsTime=1696340278
103.198.200.1 21 kB URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=a9d2f519bb8cdf34861adb119ae02bd0&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type GIF image data, version 89a, 271 x 302\012- data
Hash e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=a9d2f519bb8cdf34861adb119ae02bd0&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-5224"
Date: Thu, 28 Sep 2023 08:02:51 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:51 GMT
Age: 452110
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 3777938299dee93a49ca38aaca97f297
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=6d02e68b36c2b930eddf9944fe1f0777&wsTime=1696340278
103.198.200.1 200 OK 260 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=6d02e68b36c2b930eddf9944fe1f0777&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 10 x 14, 8-bit colormap, non-interlaced\012- data
Hash e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/arrow.png?wsSecret=6d02e68b36c2b930eddf9944fe1f0777&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "614d2b23-104"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452112
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 67843ec8913390e55dd21b03866bc118
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=55e501edb540951e43d1f333da345b16&wsTime=1696340278
103.198.200.1 97 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=55e501edb540951e43d1f333da345b16&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Hash 7cba82537203f393f21f63f855ecb3a6
5be53b9f8a346d56535ddc1fed69707aec03e2b8
69bfc1a826e8db539aba70f98c11d3cb0f3d9f8f47a9e150c259211e8070f18a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=55e501edb540951e43d1f333da345b16&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 96781
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-17a0d"
Date: Thu, 28 Sep 2023 08:06:26 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:26 GMT
Age: 451895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: be91fb86cf32f5be0074f6cbbcdf06cb
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=416a2c26b9ee68e434bda1620293fdef&wsTime=1696340278
103.198.200.1 103 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=416a2c26b9ee68e434bda1620293fdef&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Size 103 kB (103097 bytes)
Hash 22d9895f65b064eedd9f6437e32ece6f
4095a9dc84b4b9477ba88358deaebae434f44b8d
7ba3c90a5fe78b7e5eaab734581c96a33e7293cf1995c22906121de97d35b8a1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=416a2c26b9ee68e434bda1620293fdef&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 103097
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-192b9"
Date: Thu, 28 Sep 2023 08:06:26 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:26 GMT
Age: 451895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: cafce71bed6d3618325896d3dfc02e29
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
154.23.182.108 200 OK 102 kB URL GET HTTP/1.1 www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659q.com
Fingerprint A1:64:6A:6B:41:AC:6F:A2:2E:0A:55:07:A6:52:B1:98:D5:49:7C:90
Validity Mon, 25 Sep 2023 15:15:43 GMT - Sun, 24 Dec 2023 15:15:42 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102258 bytes)
Hash 8d9aba5a434311f951ac04421c7dc771
9e269ef70b1c650a4177aa6ca8f9b5c8d400be42
282aee25e5c5e665f12f0593297c59ef00dfcbb88b210b4bc9466ab4d0e14bea
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:02 GMT
Content-Type: image/png
Content-Length: 102258
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-18f72"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:02 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=3265e34df73a31cd0b6bdce1d183bdee&wsTime=1696340278
103.198.200.1 200 OK 8.6 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=3265e34df73a31cd0b6bdce1d183bdee&wsTime=1696340278
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659q.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 140 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash e9b65c8ad826f51a6e0d8b30801ebe97
a6b5f8cf0772e12117fe5db956482ed8f15140d5
2a2c01d75b9b60e977fb5a8e535fc8ea4e9146bb499e2af25ccf1bd5ebaaf840
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=3265e34df73a31cd0b6bdce1d183bdee&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8612
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6357bac2-21a4"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451894
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 5e2ad16a4c0260ae5e5ec52d65273816
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=105aa86ca381c52dc69c8272f91d3cc2&wsTime=1696340278
103.198.200.1 59 kB URL 3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=105aa86ca381c52dc69c8272f91d3cc2&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 140 x 476, 8-bit/color RGBA, non-interlaced\012- data
Hash 49563d45b49a4be9ca3e47e47abe4922
d3fa0c017818ad83aea64f5aa6665ffde15e69df
f30de132f8c9fea735cb30ab39ace43814273b611b804edbbf8ccd742d3ef531
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=105aa86ca381c52dc69c8272f91d3cc2&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 59186
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6357bac2-e732"
Date: Thu, 28 Sep 2023 08:06:28 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:28 GMT
Age: 451893
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-19
X-Cdn-Request-ID: 3da3069ad7f70c00c38912ddd734ca1b
www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
154.23.182.108 104 kB URL www.vip3659q.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 104 kB (103628 bytes)
Hash 8d666e925b25cb11e51e73f93c070f4d
c6ff29c0819e955832f80eb564569cadd6a2b6e9
58377e7130027c1bc0b0d1640be5c18574464c78253ee14a8957586e32f55e0a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png HTTP/1.1
Host: www.vip3659q.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:38:02 GMT
Content-Type: image/png
Content-Length: 103628
Connection: keep-alive
Last-Modified: Tue, 10 May 2022 03:35:17 GMT
ETag: "6279dd75-194cc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:38:02 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=2d7069f8bbcb824d277c6c09803c0048&wsTime=1696340278
103.198.200.1 4.7 kB URL 3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=2d7069f8bbcb824d277c6c09803c0048&wsTime=1696340278
IP 103.198.200.1:0
ASN #138915 Kaopu Cloud HK Limited
File type PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced\012- data
Hash 834417d344a1bd995c78df66fe45edbd
79a5cd12dc1bf06043f38349e6dd492e58144a01
736b8041b08f7ec7a5f5a8e8d4d857dc58f1f03d4e2b6f738a2f1c9ae3892bbb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/images/favicon/favicon_141.png?wsSecret=2d7069f8bbcb824d277c6c09803c0048&wsTime=1696340278 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6311d300-1260"
Date: Thu, 28 Sep 2023 08:10:45 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Sat, 28 Oct 2023 08:10:45 GMT
Age: 451637
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 2d41a62b5bbb12181f41c44aa1f143cf
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
99.83.207.187 16 kB URL 786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP 99.83.207.187:0
Hash f0824bfa8a34013b04de0a5f6aaae00d
c71b61ef07140129d43d58d090cc1f87c76e4056
6fdb05a9ad022264c46539abf0c3b4721439a109c50dffaf6ae2c8d4be718973
POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 69
Origin: https://www.vip3659q.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659q.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:38:01 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://www.vip3659q.com:8989
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2