www.vip3659v.com/
154.23.182.108 102 B IP 154.23.182.108:0
ASN #140227 Hong Kong Communications International Co., Limited
File type HTML document, ASCII text
Hash e8ff623826abd4c3f64fcd3922537dbf
3399797e1a2342fd2d60c89e53e7710e4e04dd88
ab5dcd7bcf5e56e62e45ac74be43868b087e8a1d95eafdaeaa8eef02a27884a0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
OpenPhish phishing Bet365
GET / HTTP/1.1
Host: www.vip3659v.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:23 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate
Content-Encoding: gzip
154.23.182.108 200 OK 115 kB URL User Request GET HTTP/1.1 IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size 115 kB (114975 bytes)
Hash c21c0f18692e0a23bb3a8a7e5a6a43fa
a209f64bb34df6664ecf1635de13b7858d8193b6
cf78b1d36c50b17e2c55d2294c372a77015b23bf7b87b00e671114de3212d557
GET / HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-html-cache: HIT-3600
X-Frame-Options: SAMEORIGIN
uuid: -
out-line: gb-site-097
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424333,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059468ce3056b1-OSL
ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059468c86d56b5-OSL
ocsp.sectigo.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059468cdaa0b06-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059468d9585699-OSL
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81059468ec475694-OSL
www.vip3659v.com:8989/commonPage/lan/i18n.js?t=1696340244.746
154.23.182.108 200 OK 814 B URL GET HTTP/1.1 www.vip3659v.com:8989/commonPage/lan/i18n.js?t=1696340244.746
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type ASCII text, with very long lines (1217)
Hash 34995fba2e9d291fb332f0d8727e846c
ae6fb1a47e34048b94b629e8d2e63d4b26ce0721
02422cf08b77493ede1119e82a616246233f74713c3decebf4e6bda9134287b3
GET /commonPage/lan/i18n.js?t=1696340244.746 HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340245470b
out-line: gb-site-097
Content-Encoding: gzip
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
103.198.200.1 200 OK 6.3 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Hash 4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64ad1569-7b6e"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: a0586cf74f20ceecbb440660ad68dcb9
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
103.198.200.1 200 OK 13 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (532)
Hash d85714aa13b8df3bbe47562a0a5b0a82
e1dd836dc82ce5c0e8586bf837a90b2efb55916a
02f1ef82366e3bb0fb19f6e5f967e5c63ea857d53803aedcf6cb8f79ee7d4ac2
GET /ftl/bet365-141-2/themes/style/common.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12593
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"65138f5d-d024"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 27 Sep 2023 02:11:41 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 1cbbdebdecfe77116bf9bb50b44b4cf8
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
103.198.200.1 200 OK 17 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (12023)
Hash abc91330704282873c6755800f5cbf06
8677f67e781c23cadc13d0310eda118ba754339a
f481810dd316265622c2eee91fc349f6ac24367352f74c8fa849ddaf28a5c475
GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 16935
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"650e8aa5-1413b"
Date: Thu, 28 Sep 2023 08:02:47 GMT
Last-Modified: Sat, 23 Sep 2023 06:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:47 GMT
Age: 452078
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: a759ab3c5b77534f348c2366be6bb378
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
103.198.200.1 200 OK 630 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6153e3b6-adc"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: b5b16d74eba5ae634d3d3ce3a338aeca
www.vip3659v.com:8989/message_zh_CN.js?v=1695807924649
154.23.182.108 200 9.8 kB URL GET HTTP/1.1 www.vip3659v.com:8989/message_zh_CN.js?v=1695807924649
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type Unicode text, UTF-8 text, with very long lines (17948)
Hash 16d2b39f43c2e63099526eaa0e1bd5de
b9735cecdbc80252aa2bee9a7c86915d746b31ff
142afe35d294149ef6c9f9ad052a085d9bd4b5e18eba50361b1c1f2d26c38e6c
GET /message_zh_CN.js?v=1695807924649 HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:26 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:26 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: 00141-02-00000000-169634024606cc
out-line: gb-site-097
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
103.198.200.1 200 OK 3.1 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (19512)
Hash f29b1aec530d4ecb1255894948203345
ec15a3a265c1556fae8f9553d371423df9653c50
f476606c821fd23ba0fcae1845e3e45ae39f6040921de2d96698ad7d1e922f3e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3094
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"6153e3b6-4d3d"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: e40f9c7df919c807734b2d95021ff84a
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
103.198.200.1 200 OK 34 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (32038)
Hash b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-176d4"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: aa607520903472fd90015c94f421eaaa
3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
103.198.200.1 200 OK 1.9 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"612747ba-1b2f"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 6b3d76cfdba53ac5a66171f41d35103d
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
103.198.200.1 200 OK 4.0 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"60f60fb5-43bc"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 5a073afaaa53038296b88c125e6ab6f2
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
103.198.200.1 200 OK 3.3 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6260ddd4-2f13"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: aa5621a92c923cedc70d3fa1227476de
3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
103.198.200.1 200 OK 12 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (32034)
Hash f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27
GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64d5b951-b083"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: dfaaa7c878b1c88d74b9bb2fec6359da
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
103.198.200.1 200 OK 797 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6260ddd4-828"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 5756e52dab8a950492e7ee38d86aeb78
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
104.250.33.35 200 OK 6.9 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (489)
Hash 858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ddd5e1-c760"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: d178dca83fc488b6738aed2b78d2399b
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
104.250.33.35 200 OK 5.7 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (336)
Hash 499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64252e4f-d530"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: c28302c069b3d9017d79d68abb4cecc2
3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
103.198.200.1 200 OK 2.7 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4
GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64d05f66-2f79"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452078
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 7ac64b91a964ddcac10e481d54417825
3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
103.198.200.1 200 OK 16 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (11056)
Hash 4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0
GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"64ddbaed-ee5c"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: c2b968bad9725bd819baa42aec401651
3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
103.198.200.1 200 OK 5.0 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (20132), with no line terminators
Hash 5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-4ea4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452076
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 32fdb60b3dade11a8d88c69ea66ee34a
3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
103.198.200.1 200 OK 7.6 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (21922)
Hash c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-55f6"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 1214faf5d66111de9fa74364fc54bfa1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
104.250.33.35 200 OK 1.4 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (4433), with no line terminators
Hash f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-1151"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 46344bbd30ea55bf34f6626215615b79
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
104.250.33.35 200 OK 17 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (64577)
Hash b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-fc8b"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: f5f559e240424642b8d359fbcb8d4962
3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
103.198.200.1 200 OK 7.7 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (27669)
Hash f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-6caf"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451951
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: fd1c764473188382a835e75dcc1fd829
3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649
104.250.33.35 200 OK 5.2 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (801)
Hash 30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"633d510e-7fd7"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451951
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: a25b6791e96e56049d3f67bbb657732f
3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
103.198.200.1 200 OK 4.1 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Hash 4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-3a09"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451951
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 416bf90e1ffe451b564b5e85b258f314
3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
104.250.33.35 200 OK 3.8 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (2295)
Hash f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"633d510e-2d52"
Date: Thu, 28 Sep 2023 08:05:20 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:05:20 GMT
Age: 451926
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 02aa74c54cf33c8ac34ea600082a4767
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
103.198.200.1 200 OK 911 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-b5d"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452078
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 69dad17746b5e988755b99b0865601a2
3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
103.198.200.1 200 OK 3.1 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6131d862-48e4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452077
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: dd9112c027a1d36ed28749ab162acfe7
3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
103.198.200.1 200 OK 27 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text
Hash 36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33
GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"64b633ca-1cab9"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452078
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: a437ead8afbe06aeaec3a3f2b279d046
www.vip3659v.com:8989/ftl/bet365-141-2/themes/images/hot.gif
154.23.182.108 200 OK 1.3 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/bet365-141-2/themes/images/hot.gif
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type GIF image data, version 89a, 16 x 21\012- data
Hash 98b6e28b9ec42fb2cfeeb767adf534b0
ec30e424f3b775ad1d9b80e8947a4646ee8c5af9
06011ce85e775ecfeda87eaca9ee6ac75cb9522cefe71448d8b04adc81bd9f67
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/hot.gif HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:27 GMT
Content-Type: image/gif
Content-Length: 1265
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
ETag: "5d2c7603-4f1"
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:27 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
103.198.200.1 200 OK 32 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (65275)
Hash 317fd00903b68a157500b40495e8d74e
29ba73703d5c1d5390551e9fb230a3f1ace1437e
efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 31739
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"614d2b23-1df6f"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: a008607d7bc5506dd4d841a8ad6121e8
3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
104.250.33.35 200 OK 6.9 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3\012- data
Hash 99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d848f4f-1ad7"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 452078
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: d923f3ef22347396dc0959e5f43b5dd3
ocsp.r2m03.amazontrust.com/
143.204.48.16 471 B URL ocsp.r2m03.amazontrust.com/
IP 143.204.48.16:0
Hash 00aa4324a57d96076bf9ead97e0cd2c4
11bd3f1b68688e934bdb11e0482fe09edffbbe6f
cf53a0bfc3100634116ffed31018be8491f019094800dd4b48b781e6bf51b0e4
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 03 Oct 2023 13:37:27 GMT
Last-Modified: Tue, 03 Oct 2023 13:34:08 GMT
Server: ECAcc (ska/F73C)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: or_YnZEjV_LIjK0AGT3rQz2OSrXMHW9k-gGB-R2iH9efVQNHXNDcww==
Age: 200
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7facd57d474585a0c9e3b2b6d4762969
814362f72beba19c7dfb93b8d2bc760f87a2a00e
3bf01b8e569dbd7060d7dcb2222e7e3ebc9e42f715535df2315c877fed9046bd
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:27 GMT
Content-Type: image/png
Content-Length: 20484
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5004"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:27 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2ae6a25328f92bbd4f06bf83f0d64a34
a182c94addc49f545829566f4f87e7cdf5a2b16a
92d81aa551c89d28170300c1d6ae6e5795e33ac101988de54570fae720fa15c9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:27 GMT
Content-Type: image/png
Content-Length: 23076
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 01:55:35 GMT
ETag: "64619117-5a24"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:27 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7769f6a35df5811fbe7fa97b2aea9a1c
2875a7cfef0a8a296374aba27f95a8a8d79b8acf
855a9b3bb8c24ca1ed6cbf42331ff6a243e03b1452d8c2d371df11d861f8712b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:27 GMT
Content-Type: image/png
Content-Length: 20434
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4fd2"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:27 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/index/getAppsUrl.html?device=android
154.23.182.108 200 912 B URL GET HTTP/1.1 www.vip3659v.com:8989/index/getAppsUrl.html?device=android
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , ASCII text, with very long lines (1156), with no line terminators
Hash d29707fec1a447a3091e736b24ca8c90
bf3a428d67b4d1e85e651418572708b977ebfd64
cccf0634439b2d290e5e1618da385a39486361d0beee06775f6fcd17aec478c6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /index/getAppsUrl.html?device=android HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=f33ee5a1dfc5b32aa468916b583888ca; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340247585d
out-line: gb-site-097
www.vip3659v.com:8989/mobile-api/v5/origin/getFloat.html
154.23.182.108 200 2.6 kB URL POST HTTP/1.1 www.vip3659v.com:8989/mobile-api/v5/origin/getFloat.html
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (6686), with no line terminators
Hash 3a2ea604ecbba7d4dff15307b40b4484
61f300e5028c65c81db6d6b922f83f70cbeb3de8
4caeda93294300606ea1945c785dfe5b49811c2a17a7eef13a9a86d6a337070d
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=608b49d6269bc6506d42172c4da4c169; Path=/
Access-Control-Allow-Origin: https://www.vip3659v.com:8989
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340247f939
out-line: gb-site-097
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
154.23.182.108 404 Not Found 150 B URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
154.23.182.108 404 Not Found 150 B URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
154.23.182.108 200 OK 21 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash d73cf218f18362d0a89cb36a4a3303ff
57bf03bb562ca33343b19db1fe5e872335cc1cb2
691d5caeb173c0c0817111fea711d2685d1e0e4e7e19f6aa7282fc525193f40c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 21363
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 05:28:08 GMT
ETag: "6205f3e8-5373"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2acb631ee46633c2bb57645aa0062b24
7ebc60e9519805119574b600d0400278fb02ea7f
c026010b4e9ba86b7dd1670e242e42a1e4fec0547b7fecc3b37feddd0c21d46b
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 21850
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-555a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js
143.204.55.90 200 OK 25 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js
IP 143.204.55.90:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65421)
Hash 4b2709ff844ec41f3936fabb7fc84dec
3f0a1aa752f1786ce70a827034f2a7d286125de4
e6d51460a671fce5447dc8c24310fc4ef681699de7053889be4677af7636c19f
GET /visitorside/js/vendor.23e85dcd.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:20:19 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d3-120cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nZGCzPial6_ttlnvC_lMFBsStUsr3w98P6UUfQqzUPhWujFmoDjsuw==
age: 40629
X-Firefox-Spdy: h2
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
154.23.182.108 200 OK 21 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a03861df13ee208fcb22c604bc412484
9d5925012e3eb16bb86bbe0b0febd3941847172d
a9a4c50c7e2f04fcfdf467f4b3a6697a2a359c84000b8e38c1b5e3ab3115ab8d
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 21009
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5211"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
154.23.182.108 200 OK 25 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 230a3ba266ae64dee8f70d0ff2f3b0e0
e5bd5defc0486a69adf7d8b187c2100e015260a2
c38424550af0abe01c532bcfdb9d3985a006a2f50ebe65da95b5a4afd2495449
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 25030
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 03:01:08 GMT
ETag: "639fd3f4-61c6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
154.23.182.108 200 OK 102 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102258 bytes)
Hash 8d9aba5a434311f951ac04421c7dc771
9e269ef70b1c650a4177aa6ca8f9b5c8d400be42
282aee25e5c5e665f12f0593297c59ef00dfcbb88b210b4bc9466ab4d0e14bea
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 102258
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-18f72"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
154.23.182.108 200 OK 24 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 19e16d0cf5c005f3fd798e8f0131db7d
ebb9c520f4047172662991c689a2e07015680dcd
57c3d3bf827de223898f46813f9bd0fd2296cc21a61f3f77d03ba6cee265c78d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 23771
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cdb"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
154.23.182.108 200 OK 6.1 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 30eb0e841ea47a1f05854ebca3f9e9c1
0cb9874c32ff8837c1ffaf89cba502ceb3483b2b
382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 6087
Connection: keep-alive
Last-Modified: Wed, 11 Aug 2021 06:10:54 GMT
ETag: "611369ee-17c7"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 20cd47483388f1e46ed9c2304f2c60ea
1c09b695620a64ae94ba7807a41e95733c6211f9
8f091a2a4dd3a918c15d7692aeb343f3d8e8d673541411e74256a48865735448
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 23021
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-59ed"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/headerInfo.html?t=lnad6p5d
154.23.182.108 200 118 B URL GET HTTP/1.1 www.vip3659v.com:8989/headerInfo.html?t=lnad6p5d
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 163d2852a6ab74a4263db890925cc31a
2d90c65d88a5abe867d623e81d1b4896fc070426
81528f2b988997b638b99c1a102ccdf803cc0f15f4dfd4b1dccbf4ba98fe0a6f
GET /headerInfo.html?t=lnad6p5d HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963402480fed
out-line: gb-site-097
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
154.23.182.108 200 OK 24 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash d7c26fb9503ab2caf040730495a59f32
06f8414b2709fac132dd2b3071843a86ab745b51
8d437af3cea1d4efc2bf19c763c17c3487f9a76db3a287a975a18f90dffea630
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 23806
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cfe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a33f52ea5bd6275e21267f80791ef78a
8c628b103599834a360c53bbb3fbc9e01c5878c6
bb5a4afcdc59886a05b426337bdc6480c07742c0d06ca7bb3a03f66d904731e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 20322
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-4f62"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
154.23.182.108 200 OK 107 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 107 kB (107367 bytes)
Hash f391a00c7ca4a801c7c46431f6949f3e
392e698fcd6b15c2397eb576de33134e7abae702
1ffd1f9416cc641e5c5659de5a2f1530bbe7ddeeb71c91af2db8129c6624f64f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: image/png
Content-Length: 107367
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-1a367"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:28 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
vue.livehelp100service.com/visitorside/js/common.80370cb8.js
143.204.55.90 200 OK 130 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/common.80370cb8.js
IP 143.204.55.90:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (62098)
Size 130 kB (129695 bytes)
Hash 97304dbfaa07b3fefbc7b8d8049c7585
6591ec921e4e391977d0340f6f4520a3cf5f3e2d
f436d2d7a39d26a2c9e615d69d28facd8826ce128b167497c290e0d0b1ecdc99
GET /visitorside/js/common.80370cb8.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:20:18 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d3-10474"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YQ3K5ZlxAQyt28M__aQZ0-BXeluIAn6efpsjp13n-EHdEepah5PGTg==
age: 40630
X-Firefox-Spdy: h2
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 3c3c588128385827b532946ac86d0a6d
7d84bebb554df6b3c699352d83d640368903ceff
206c91c826cef5d9db409283a0c439a4322211588ecc14b6abb0af9d4573b328
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 22623
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-585f"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
154.23.182.108 200 OK 26 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 51de7c3b3b21d10f38a0c30ac5e4fd24
106f9a993385ff522dad2b37dbdb3c58f035ac20
9240329d37bd41d53a4f2864a255b9f9aef025474f2965130ed5668f10ee311e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 25785
Connection: keep-alive
Last-Modified: Fri, 07 Apr 2023 02:35:05 GMT
ETag: "642f8159-64b9"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
154.23.182.108 200 140 B URL GET HTTP/1.1 www.vip3659v.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 5d062bc93ef9d75b27e852ed745d170f
1ecf82a0589608b26ee6a29b2cc3229916596626
26e77aa8c61c230db13c8fd74d4ab3adf8be54c3192c4e16f94e633a71efc2e1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 140
Connection: keep-alive
Set-Cookie: route=e4e732c52e31521cf093adea5bf44bc6; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340249e169
out-line: gb-site-097
www.vip3659v.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
154.23.182.108 200 174 B URL GET HTTP/1.1 www.vip3659v.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 1452cebf3e2bb129b06762f43f09e5c8
0ec65f1e79233e8c59f76c55fb89ac8637cfb070
99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 174
Connection: keep-alive
Set-Cookie: route=21c20bedba26b78ebec8dc5df8d96c86; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-169634024978de
out-line: gb-site-097
www.vip3659v.com:8989/index/getUserTimeZoneDate.html?t=lnad6pif
154.23.182.108 200 119 B URL GET HTTP/1.1 www.vip3659v.com:8989/index/getUserTimeZoneDate.html?t=lnad6pif
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 26bd1e72921ab334b77974441de75e9d
4a32fbb5d69eec6452e39b0ccf6760cd2a9a3b63
082462632fb02993cc310f328bf95d94b7bd8acd0e21188f237ab32229e81583
GET /index/getUserTimeZoneDate.html?t=lnad6pif HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=f33ee5a1dfc5b32aa468916b583888ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-169634024936f5
out-line: gb-site-097
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 8443275571f203acae6b53207ed73b9f
c3d112abe5edbacb300b321b54cdc9c7d4666bbf
c54b7cdaf70e87778fc4d9c645d5c0296184f7f67793a2b777c194599700882c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 22876
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-595c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 82c905f14c36be0d2fa670516edded31
437546d720284de3982ff79df6a946b81e923371
f3cdfd33e75d6f3877e1e0da0491c2b2a65c66f95d434c6b08950b0b5d5b9cc6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 19597
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:26 GMT
ETag: "613c72be-4c8d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
154.23.182.108 200 OK 27 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 6806dc9c36ddfc927f9814ab1f8a021c
fee37bf769af8a26bf58ed70405100bfee39e867
1455e15577781e784863594804797d19c9edb69c6aaa32fe86f9268b9847d6c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 26952
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-6948"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
154.23.182.108 200 OK 87 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash c851a15f25d8a0c556c7a56b75aebf6f
90dd4c3169383ee12aea9e93ce8fdfb6f3146f51
655efce4a9020abae7117b5e296b181b1ffbd3f9b9dece49f1e547cf6b9396b3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 86675
Connection: keep-alive
Last-Modified: Wed, 06 Oct 2021 05:11:57 GMT
ETag: "615d301d-15293"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
154.23.182.108 200 OK 104 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 104 kB (103628 bytes)
Hash 8d666e925b25cb11e51e73f93c070f4d
c6ff29c0819e955832f80eb564569cadd6a2b6e9
58377e7130027c1bc0b0d1640be5c18574464c78253ee14a8957586e32f55e0a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 103628
Connection: keep-alive
Last-Modified: Tue, 10 May 2022 03:35:17 GMT
ETag: "6279dd75-194cc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/mobile-api/v5/origin/getThirdParam.html
154.23.182.108 200 103 B URL GET HTTP/1.1 www.vip3659v.com:8989/mobile-api/v5/origin/getThirdParam.html
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 9ac55fe189e4f53f37156e563e0f542e
18b13b1360ce9fbd973e046d2652be38d58a15e0
d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=21c20bedba26b78ebec8dc5df8d96c86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 103
Connection: keep-alive
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340249b923
out-line: gb-site-097
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=d4a13d384f607f176772230e1429040c&wsTime=1696340248
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=d4a13d384f607f176772230e1429040c&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 271x81, components 3\012- data
Hash 62f912bb32aecad4ab710243a04a4ba9
f8a22eaaf6dc17329932db9c19484907332ea800
ecc11913678af89246c957fae2eaf6cbb07316f7ad24bdcc3e2b115293e46f60
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-casino.jpg?wsSecret=d4a13d384f607f176772230e1429040c&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11660
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c7603-2d8c"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: b4e0a2d0d0994fcb3cba0b272b729872
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=f90e28e21c1bca8d1129f8a0c20fdd75&wsTime=1696340248
104.250.33.35 200 OK 7.9 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=f90e28e21c1bca8d1129f8a0c20fdd75&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3\012- data
Hash 90dfcd159d726929aa2e8140ac0a43cd
dae58fb59b64ca2922198f64c87762d10dbd161a
cd548d38e7e22e8597da17809e9dd1ee020cfe72288ac55fdb14c9b4130d9e92
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=f90e28e21c1bca8d1129f8a0c20fdd75&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7926
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d2c7603-1ef6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 58c360692657b50165de006a1282ac02
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
103.198.200.1 200 OK 1.3 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-529"
Date: Thu, 28 Sep 2023 08:06:23 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:06:23 GMT
Age: 451866
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: f1989b28e42d4c9f958e78e16c674dbf
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 18fc529cc0b071eee9ab764c7b3cebf2
e79958322824752ee3be995515d242f3a65dbd15
7dc7c033a2391b021f70e5576b15806c1e3e73b2bf5a0beda751bbdff7513b7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 21622
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5476"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 0445397f922bcef3252bedd6877d8668
f4d265e0774ed0dbda4d4548863cd852c48c570f
3069757649a24fe38937eebf84c12b959ec4e58edf10cf2c661cc2ae433a40c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 21792
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5520"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=80ed57ff09d0e55fd3963ee05dab03b1&wsTime=1696340248
104.250.33.35 200 OK 758 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=80ed57ff09d0e55fd3963ee05dab03b1&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 500\012- data
Hash 41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=80ed57ff09d0e55fd3963ee05dab03b1&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-2f6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: a94ba43591bc7ec4f6050e1c69cb9c55
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=3b620cf5e7364016c2e2ff54d465387b&wsTime=1696340248
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=3b620cf5e7364016c2e2ff54d465387b&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 271x81, components 3\012- data
Hash 6274335f5e37fb7e3aa19dba05a07ef3
d54c0b0cccf2158aee56d7f1f465d5bb907edf06
39d9bd9e19956bb52c4c880dc6987383c34dc0873aadaa6b3763e3421e06def7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/images/index-game.jpg?wsSecret=3b620cf5e7364016c2e2ff54d465387b&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11478
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d2c7603-2cd6"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: d7ae9d39a3809f451e580e3fb0bc04a1
www.vip3659v.com:8989/game-api/v5/content/sportRecommended.html?t=lnad6psg
154.23.182.108 200 755 B URL GET HTTP/1.1 www.vip3659v.com:8989/game-api/v5/content/sportRecommended.html?t=lnad6psg
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2759), with no line terminators
Hash 1a8ea2eba6062801d6e96d38028ddb48
db6ac927d3a44bc3c1309a3358f095cc7b0be514
31413276ebe4e6cfee64debf63b81ec30787f7457382a6324b1c1eefd7073b2f
GET /game-api/v5/content/sportRecommended.html?t=lnad6psg HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=21c20bedba26b78ebec8dc5df8d96c86
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=6fc16a063046d21fc2e5f5c026f90787; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-169634024938f6
out-line: gb-site-097
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
154.23.182.108 200 OK 96 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash 852c361c9460f489e179f3d34edab1dd
c981b28bbab1500869ff9aa937c3f17e67262ad8
97538b6351173a03757ff751ee08d62cf615b8e01725bc60ec299a2b54a6859b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 95973
Connection: keep-alive
Last-Modified: Mon, 20 Jun 2022 03:50:04 GMT
ETag: "62afee6c-176e5"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 06b42bc87015b1f21a614c47bd914859
533e764dcc3ae171ac0c8f51a7fbcca10f26072f
dbcc205b41e6eec3484c66381d57bd921175da6e5936ade916c42e8bd1110eb3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 20250
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-4f1a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash a83dc10b4e607a2685552e62c61e28ba
0f879b68bd5690faa0577ec9335ad219468e2670
3983d86b32d2cba092eea2e69dbdd3e6739824505d27c3ed04c892b28861a6e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 22499
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-57e3"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 14f7dbafc1472fa05db8eb17ae826f30
991915b5ae07c7a47e93dce0c6c82d0d0b690993
7287fcb933e5bf3eba0d13e7312cf5ba90f94c0593310090fdc521f866b0b134
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 23355
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5b3b"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2fbcb4a692fc6b41699f7e60ecf26a63
da35d134b38413040316f5cf1e5f76d75fd941c7
ccdecdf7de01b3b3513596f7c4555266473805551702685e14299770ae8bed26
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 22679
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5897"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
154.23.182.108 200 OK 28 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash b2c524e4d0297da3203c6d45d2f07115
e91bac7336aabae38e8038d2fd931a2f42fe3c84
91c4128aa7b5fa411efae3f85e25b618c0e83958b984a0460dc5e51cb83ccdd1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 27580
Connection: keep-alive
Last-Modified: Tue, 21 Dec 2021 09:55:47 GMT
ETag: "61c1a4a3-6bbc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
154.23.182.108 200 OK 18 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 2a8b9275fdec775b8d1ec6e4b0c5df8f
d1d297beee93861fd031fa9e66ddfbe8f7822e28
d2e8ae7ed84c4081f1aa6e15229af593354b571a2097b506a489a0bc1eeea8ec
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 17796
Connection: keep-alive
Last-Modified: Fri, 10 Mar 2023 09:30:12 GMT
ETag: "640af8a4-4584"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 993bbfdbad1c48f514367407a17d2a77
7d3db06be9d7912432c768fa5b23335264db002c
df044589914265a7b02cca67f876c01d20e5eb0d9e50bdb2e8af8e0994daeab7
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 23286
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-5af6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
154.23.182.108 200 OK 25 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 7b497cfccdf85cf3a934c4d61e80d55a
2ed0898ac3b002f53b99dd5b059509098078295e
210370587be2eff0fbd4e3f29dd8114da568e50ef60f94912bd6b37eb657be72
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:29 GMT
Content-Type: image/png
Content-Length: 24721
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 02:26:45 GMT
ETag: "62c24fe5-6091"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash f5a323409d6eeca58e65b88d3d0bdd15
6b60c6305e3065a1e9641865eb20243526444f17
b895770db7a902a14119dae3f32bb5622b8e0ae8ddb181f5b4e833e6cd535fb2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 19724
Connection: keep-alive
Last-Modified: Mon, 05 Jun 2023 01:35:42 GMT
ETag: "647d3bee-4d0c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=ecec17a1fd40bef972b4477283de42a2&wsTime=1696340248
104.250.33.35 200 OK 279 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=ecec17a1fd40bef972b4477283de42a2&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1384 x 961, 8-bit colormap, non-interlaced\012- data
Size 279 kB (278659 bytes)
Hash a494db53e3ad3d19a85e330e33b6a182
315a19514103494c6cf60a8d91545e1944206047
1c32a585655c4d7d56b66a7e578c240d7a0d3808b16bc15a2f30b97ce02aa275
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=ecec17a1fd40bef972b4477283de42a2&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 278659
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6df-44083"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:27 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451676
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 8c2447092b4c8f1f55ddc4cb5720c230
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=03b3c46a04ad38d6c19bdf20cd649464&wsTime=1696340248
104.250.33.35 200 OK 218 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=03b3c46a04ad38d6c19bdf20cd649464&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced\012- data
Size 218 kB (217791 bytes)
Hash 749eb8a1547b3e80185b25a86f3f8dac
bd345cbbb9f96c74a8165ccb31db3e4c1fb88ca9
9ebf68db59bfe23f21efe6711f3cfdba4859e5a874a9587928d20a288daf13a0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=03b3c46a04ad38d6c19bdf20cd649464&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 217791
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6379d6a0-352bf"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Sun, 20 Nov 2022 07:26:24 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451666
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 2ed482ebd4c87254c9dd6f80dd6d75fd
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 548f74b6fbacfdafac2d13982ea01f5b
62056e33bd99fdb7a26ed1eb6e0d34baae75ab4b
8d23af5f64406af80c5f00bbe2806c0a696eee1b9fa144135a679cf7d15c27a9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 21502
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-53fe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
154.23.182.108 200 OK 26 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash f7637fd9fb8b0dd130560efe9dfcc5ac
c6a6b30f73923175a88fb0c5685c7943ef934c2e
a647abf9fc56228cf6ab783115c113b35479dce89ff1dc4db61efb0bf3234cb4
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 25819
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-64db"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
154.23.182.108 200 OK 21 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash 07db342d71e455736e0e8b5656ed7174
2d9bb7427a73a28f4bfec2a70dc227af4555968c
c1a35508763b061947ad0ea9eb9972b92b079c9510a2a746979dbffd84efde0f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 20993
Connection: keep-alive
Last-Modified: Wed, 30 Mar 2022 02:50:04 GMT
ETag: "6243c55c-5201"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
154.23.182.108 200 OK 23 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Hash c2bad36f7d90b3d9d5077df183c0a80b
7890000fd16f911c2aa5223af3cddf3ed6c5f702
90b7d091ece32c042a2866eb7d6943d7e88148d3bb474eaff988a78942d6d3aa
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 23172
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5a84"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=f5fa3b9e31735b022b51431c03033e15&wsTime=1696340248
104.250.33.35 200 OK 97 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=f5fa3b9e31735b022b51431c03033e15&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Hash 7cba82537203f393f21f63f855ecb3a6
5be53b9f8a346d56535ddc1fed69707aec03e2b8
69bfc1a826e8db539aba70f98c11d3cb0f3d9f8f47a9e150c259211e8070f18a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=f5fa3b9e31735b022b51431c03033e15&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 96781
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-17a0d"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451862
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: fc57344a08a3df473d640876c3a3d431
www.vip3659v.com:8989/fserver/files/sportTeam/football/de26.png
154.23.182.108 200 OK 13 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/de26.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 7273ff05ae6c6d5db14481285d7cb1ab
9ae6fa365a825510b87aba8ccc3b3602717adcbe
27c7d0d420d1e700862dc781ab2da7a09cf4adf9f920894333969221683bb357
GET /fserver/files/sportTeam/football/de26.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 13375
Connection: keep-alive
Last-Modified: Wed, 24 Jul 2019 08:37:10 GMT
Vary: Accept-Encoding
ETag: "5d3818b6-343f"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=fabdef77a1c9ef1d333fada9250b781f&wsTime=1696340248
103.198.200.1 200 OK 122 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=fabdef77a1c9ef1d333fada9250b781f&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 694 x 500, 8-bit colormap, non-interlaced\012- data
Size 122 kB (121611 bytes)
Hash 9b4d417046a78dcf8e12a51376905624
162c19341237baf7d2107461a954e4451321b55f
0bd1ed2e44971103548fd5ba76ecd6a8b8903b011e5715e869989be81e613341
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=fabdef77a1c9ef1d333fada9250b781f&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 121611
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6379d70d-1db0b"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:13 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451676
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: f8fe5fc0df71a9734283237e2ec93a0e
www.vip3659v.com:8989/fserver/files/sportTeam/football/pt03.png
154.23.182.108 200 OK 7.0 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/pt03.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 43f500c22dc35cdc7584ff070476a37f
7fffd6464cc1b90efa0dd96e2cbb19d9fd4f8c58
44697b36473e1eebef6bf419d50f4d937676932d6d2a2cc3b65919661adf8a82
GET /fserver/files/sportTeam/football/pt03.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 6961
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-1b31"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
ocsp.r2m01.amazontrust.com/
108.156.15.108 471 B URL ocsp.r2m01.amazontrust.com/
IP 108.156.15.108:0
Hash eed471c91a532b4ec94cec539985a73c
eeff32f763201ff0586026afb07618bcc791eae3
92c2092ea534a94a9f558862dca11c1bd1c94ed5410e591176134680510f2dcd
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 03 Oct 2023 13:37:30 GMT
Last-Modified: Tue, 03 Oct 2023 11:52:03 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 a64b49e5551565c12c7314b5e4419ba4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HEL51-P1
X-Amz-Cf-Id: vjb-T5bSmZM7ecLw6UQMa4eZZl2Y5v3x9jD-lQJzUlfHUODHhD37KA==
Age: 6327
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=3a6f3b7e7313a94658313423f78c67e1&wsTime=1696340248
103.198.200.1 200 OK 59 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=3a6f3b7e7313a94658313423f78c67e1&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 140 x 476, 8-bit/color RGBA, non-interlaced\012- data
Hash 49563d45b49a4be9ca3e47e47abe4922
d3fa0c017818ad83aea64f5aa6665ffde15e69df
f30de132f8c9fea735cb30ab39ace43814273b611b804edbbf8ccd742d3ef531
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=3a6f3b7e7313a94658313423f78c67e1&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 59186
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6357bac2-e732"
Date: Thu, 28 Sep 2023 08:06:28 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:28 GMT
Age: 451861
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-19
X-Cdn-Request-ID: 9c5013297a15e0c6e73168b23837abe1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=a45389467b970361524536f820e77012&wsTime=1696340248
104.250.33.35 200 OK 103 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=a45389467b970361524536f820e77012&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Size 103 kB (103097 bytes)
Hash 22d9895f65b064eedd9f6437e32ece6f
4095a9dc84b4b9477ba88358deaebae434f44b8d
7ba3c90a5fe78b7e5eaab734581c96a33e7293cf1995c22906121de97d35b8a1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=a45389467b970361524536f820e77012&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 103097
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-192b9"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451862
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 6ac8c70705976cb04fff2052406c54d4
www.vip3659v.com:8989/fserver/files/sportTeam/football/en07.png
154.23.182.108 200 OK 5.9 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/en07.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 991514091de72a099ae947c7e0bd2c9d
446770ed35c0570b9cac57d5728cc33ba55f6046
393e067c36af1ce4084aa6d758c20f57db38ed68c9ffee331899cf9a1c5b703f
GET /fserver/files/sportTeam/football/en07.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 5916
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 05:42:00 GMT
Vary: Accept-Encoding
ETag: "5bebb5a8-171c"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=13d69d9be1eb73a58801a63fa79f9799&wsTime=1696340248
103.198.200.1 200 OK 396 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=13d69d9be1eb73a58801a63fa79f9799&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size 396 kB (395791 bytes)
Hash 3b5db1903355f4bf7f91129ceae9d1be
06e7ee5a32d3824415680395548f5265e2e9efe9
ad7d8e59e738426389ed5023b09a1fb1960dafb371a03e9ea06b6120327e403d
GET /fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=13d69d9be1eb73a58801a63fa79f9799&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 395791
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6506a193-60a0f"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 17 Sep 2023 06:49:55 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451676
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 311d3964947a76234c4de28f874f7188
www.vip3659v.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png
154.23.182.108 200 OK 9.9 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash bde2ef956bc333150f06f11a82e09aad
6a45da232d31fcb04c53ea9a57221c08fd176d08
c7bfe52050bcafc68a7b080e141cf5826761b67bc40fb89825b645eff5e8b3df
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/0/siteGameNavigation/0/1663921259266.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 9903
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 08:20:59 GMT
Vary: Accept-Encoding
ETag: "632d6c6b-26af"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/fserver/files/sportTeam/football/tr02.png
154.23.182.108 200 OK 14 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/tr02.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4cbe63f38066cee6b0e8b16257f7c96b
73682979e803d37cdf73951116065d7c4e9d8fa6
4a0ca58eab43500034c98e96aac47f1733fe688580dabdf06f4919385534abf0
GET /fserver/files/sportTeam/football/tr02.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 14282
Connection: keep-alive
Last-Modified: Fri, 16 Nov 2018 11:58:10 GMT
Vary: Accept-Encoding
ETag: "5beeb0d2-37ca"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png
154.23.182.108 200 OK 85 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 256 x 260, 8-bit/color RGB, non-interlaced\012- data
Hash 7eaced594befc61e2ddbbbc55b771cf0
9e1a5ad65af14be29cb96508c18c28c64c829809
fb1e0d4a9f5f6723173afe5f99d94a8b45b07472f2d17ee2c8d7a4cef639713d
GET /fserver/files/gb/1272/sportTeam/1/1620130580209.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 84999
Connection: keep-alive
Last-Modified: Tue, 04 May 2021 12:16:20 GMT
Vary: Accept-Encoding
ETag: "60913b14-14c07"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/fserver/files/sportTeam/football/en06.png
154.23.182.108 200 OK 8.3 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/en06.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 8c597c02135fc6dd1fcd25fbb155bf64
1766765d593b2cfbd199e178d95a4257a6d23fd5
4307d34ec5c483ad4cb5e09b33691f5725a301a68eea661243ce89110587646c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en06.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 8266
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 03:28:40 GMT
Vary: Accept-Encoding
ETag: "5beb9668-204a"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/fserver/files/sportTeam/football/fr27.png
154.23.182.108 200 OK 5.3 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/fr27.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash 8ebade574cca1f25cfe97bfc609e552d
49cd04b18560d6224a6fe1752294673d30140136
3894228ba3704c8980366724fb4e140d256ed9429ee1b83d4741dfef13a39492
GET /fserver/files/sportTeam/football/fr27.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 5291
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 04:11:32 GMT
Vary: Accept-Encoding
ETag: "5beba074-14ab"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/fserver/files/sportTeam/football/it04.png
154.23.182.108 200 OK 7.1 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/it04.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash bebb28464026e982f3247044bc244cda
6850144ff65e2a30807efe71e0c0abffd9d18224
e2d458bab2e5d027c190a9d710e4d74d717435fe731c44fc4aa2e50b95f2e388
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/it04.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 7140
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 08:56:28 GMT
Vary: Accept-Encoding
ETag: "5bed34bc-1be4"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js
143.204.55.90 200 OK 126 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js
IP 143.204.55.90:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (65422)
Size 126 kB (126471 bytes)
Hash b8205f42724de492210a5f391b9b0acb
e6508d42ca10d6dcfc5dab15687d801aa67a7468
1d4b6474cb0428fcba5fb4ced99a3724a72aa14cb10d2325274fde4aba412028
GET /visitorside/js/bundle.43270ed0.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:22:30 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d2-844ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KypQ1hCpGSHXZLJYosCk0-NxwJO3N1MKUqTKQ38YEYIMstWQ7esjUw==
age: 40498
X-Firefox-Spdy: h2
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=c743b97850f407f0bb79604dd243c0c5&wsTime=1696340248
104.250.33.35 200 OK 7.7 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=c743b97850f407f0bb79604dd243c0c5&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x72, components 3\012- data
Hash 4e7da730a5cbfe4a7ce573ddcea0e60a
ac31a27a6d71a7a297905c195a6434f043f7f0a7
fe5506589506db3c8dad8b544636c2794a764f28a9ab79215714d5cfe2d866c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=c743b97850f407f0bb79604dd243c0c5&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-1e2f"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452080
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 46d7a91940740f3fbece864eac0d048a
www.vip3659v.com:8989/fserver/files/sportTeam/football/pt04.png
154.23.182.108 200 OK 8.4 kB URL GET HTTP/1.1 www.vip3659v.com:8989/fserver/files/sportTeam/football/pt04.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Hash d2832f699ffdb194deca17f797598a02
17f4672c28448e39ffddc28f8d0cf4b6fa2c1d85
6c7d81e599fbfdad66a39133aa5c4380bd011522143698f46667ce1f4f7b79eb
GET /fserver/files/sportTeam/football/pt04.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=6fc16a063046d21fc2e5f5c026f90787
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 8366
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-20ae"
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 12f4870c1a8e51e39a6c8bfdd11ed804
47eb5ed8af8ae69595b8743e7a61d3fe825cc048
1f6c135cc810d561e52ad5ba9ca5cfda82897c82db0863ab366e62d5970b3883
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 21953
Connection: keep-alive
Last-Modified: Thu, 23 Dec 2021 07:42:29 GMT
ETag: "61c42865-55c1"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 86f136869bc81df2a646e873bd23b46d
c40c25bbe820c39731d1c679653b28e119cbbadc
bfebb7307f1858837e6b61be64e46352b1ccd29bf982e9975886c9feda9f637f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 20462
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:46:55 GMT
ETag: "63dc759f-4fee"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash a678f783e25a467193ee4fa0252d5bf4
ffadbf4388ce2dc312c720e75f9b9d73c05e93cd
1421dad09cedb4c186e8b4ac1cc027955d52a9d268b29144d3d8f0d60d5ed075
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 19766
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4d36"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=ad13f0b35bc57a0c52efba4aaa8522dc&wsTime=1696340248
103.198.200.1 200 OK 328 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=ad13f0b35bc57a0c52efba4aaa8522dc&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced
Size 328 kB (328303 bytes)
Hash 535172ad3a435afe80c33ed17cc592f9
7d8bc3efa5a46e12b54ee07d0428c5e3d0662fc4
f7b20469f299a0722ccc52bbecdba656f73435b4c827add798de38797a2c266e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=ad13f0b35bc57a0c52efba4aaa8522dc&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 328303
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6d4-5026f"
Date: Thu, 28 Sep 2023 08:09:42 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:16 GMT
Expires: Sat, 28 Oct 2023 08:09:42 GMT
Age: 451666
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 1a0b32219db87ece9add55f8ac21dd1c
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=3526fa726635b5a4d580168c09dbe58c&wsTime=1696340248
103.198.200.1 200 OK 369 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=3526fa726635b5a4d580168c09dbe58c&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3
Size 369 kB (368702 bytes)
Hash de11f3b1d817b150ad03f39aaedd0017
3b6dcfd2d2d5fa19397144ef3c8e1734b1635542
10ff505bcab9d3bc20bbe02032a4b5bb474368cc164c60cbc9f3f59701503a6e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=3526fa726635b5a4d580168c09dbe58c&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 368702
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6493e0aa-5a03e"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Thu, 22 Jun 2023 05:48:26 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451665
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 2c96a70ddb1b610591c0084a6cd22f9f
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=d208406edd5b883015ef6d245529bc9d&wsTime=1696340248
103.198.200.1 200 OK 386 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=d208406edd5b883015ef6d245529bc9d&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3
Size 386 kB (386527 bytes)
Hash 81a5f65507df89f605fbf600872099fe
791d238960719ed5e3dd17b592c868d029dbc7a4
656130b23da3fb9ce75eee3708b6f22f7c160f1640f7e858ffa64bc054856519
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=d208406edd5b883015ef6d245529bc9d&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 386527
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "640bfe27-5e5df"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sat, 11 Mar 2023 04:05:59 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451677
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 8d2c47db0cd4f16a49f37fc4d43e6698
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
154.23.182.108 200 OK 26 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 1ac91d4dfd52f26f9c5682cf67ac3f49
6ca58050b81ce1be80d3b0c749b60a79d8413b98
021c28d7d369afa39f3aeac128f91dd3f377fc910a35d76a2e9d2463093e3b44
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 26179
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:55:46 GMT
ETag: "62665402-6643"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=8229fb00720169016dd312a252caa697&wsTime=1696340248
103.198.200.1 200 OK 4.3 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=8229fb00720169016dd312a252caa697&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced
Hash 69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=8229fb00720169016dd312a252caa697&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-10d7"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452080
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-19
X-Cdn-Request-ID: 35156b538a48714f3d4715ec3fac7e06
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=f8067811d2214a563fd5dedc0a7a5e6f&wsTime=1696340248
104.250.33.35 200 OK 484 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=f8067811d2214a563fd5dedc0a7a5e6f&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 170 x 28, 8-bit colormap, non-interlaced
Hash b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/btn.png?wsSecret=f8067811d2214a563fd5dedc0a7a5e6f&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a8-1e4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452081
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 7b47b15fd5fffaeb11435a469a8d8b27
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
154.23.182.108 200 OK 26 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash dc21406f53974241a6ea9d1ba342a0a3
d98181158619aa5993f35dc4821c26ea657c9c35
656f550c68b469776ebe40713d8556d43af391da6cc881918da5f6c983ba823f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 26500
Connection: keep-alive
Last-Modified: Tue, 30 Nov 2021 08:28:44 GMT
ETag: "61a5e0bc-6784"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash d495fdd61d29ff61ff34fdccc5597d0f
95a2b5b377a239ccf2d5e5cc81534f79dbbbe033
08097b5ebe2de4f6d295aeb64fc72170c766ea81851e9baf96ff4de926fc678b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 19964
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-4dfc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
154.23.182.108 200 OK 22 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash feaff8384a2780bf50a660b657928245
eb492cee9a7d13b8114aa1c75c6db75742d7ef4a
ec33d957ba07daa21a098bc096b1c643ae64420e1924f0691b6b75fd4e8707f2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 21877
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5575"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=3548978c3442ec0017f59c857b4fd8a8&wsTime=1696340248
103.198.200.1 200 OK 70 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=3548978c3442ec0017f59c857b4fd8a8&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 750 x 190, 8-bit colormap, non-interlaced
Hash 3cec45bced128357804406f23fdb94d1
2e300c18f2c721f4d8580098b46829ef2be4ce1e
36d46701f11f890e85341c03a1381dd46dce7c1be4c2582ebfa67b0e39101d15
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=3548978c3442ec0017f59c857b4fd8a8&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 70362
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "62e39fac-112da"
Date: Thu, 28 Sep 2023 08:09:45 GMT
Last-Modified: Fri, 29 Jul 2022 08:51:56 GMT
Expires: Sat, 28 Oct 2023 08:09:45 GMT
Age: 451665
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 91036112b54449e7cd5b8d18fbda07a5
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 37070ea9397e4c9bfa4c6fa5e499de59
fd2237d48600d3a6acba5c8982c1d594962418d4
f3d50d3f597d6a23e42d069971e80a14851d7c996bbce674ed591c6e87b64bda
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 20172
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4ecc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
154.23.182.108 200 OK 20 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 45d0f5934f7f664e4fb397fbe69c0bec
72a5c4e823954ec0111709b6aec71c1f0b08fe43
3e9fedb5bbb6caac2dfc16278ba5d0c26483aa3efb5508374eeec9de7b9f9cd4
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 20254
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4f1e"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=dcc24ee5a728d5a5db54916b1e9b435a&wsTime=1696340248
103.198.200.1 200 OK 21 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=dcc24ee5a728d5a5db54916b1e9b435a&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 271 x 302
Hash e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=dcc24ee5a728d5a5db54916b1e9b435a&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-5224"
Date: Thu, 28 Sep 2023 08:02:51 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:51 GMT
Age: 452079
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 9743a5cc13efb8f6988a517f07c50b6f
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=1b0ad2174e8824e683b1980a52c9f4c9&wsTime=1696340248
103.198.200.1 200 OK 260 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=1b0ad2174e8824e683b1980a52c9f4c9&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 10 x 14, 8-bit colormap, non-interlaced
Hash e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images/arrow.png?wsSecret=1b0ad2174e8824e683b1980a52c9f4c9&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "614d2b23-104"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 452081
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 6f2a1aa4f8f1dea85cc5309097429433
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
154.23.182.108 200 OK 102 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 102 kB (102160 bytes)
Hash 18b9c1ca12b579e3be9de7f0b3d765b7
cabb9ddce1222608668401769754241d2667ac59
81b7527eda1e9db86dc9704173b4e9aa50932eb8c80ea08b23d969899bca9656
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 102160
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-18f10"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=a91e8d08635aacfb84d1f8d82bed5939&wsTime=1696340248
103.198.200.1 200 OK 8.6 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=a91e8d08635aacfb84d1f8d82bed5939&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 140 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash e9b65c8ad826f51a6e0d8b30801ebe97
a6b5f8cf0772e12117fe5db956482ed8f15140d5
2a2c01d75b9b60e977fb5a8e535fc8ea4e9146bb499e2af25ccf1bd5ebaaf840
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=a91e8d08635aacfb84d1f8d82bed5939&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8612
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6357bac2-21a4"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451863
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 106045efa5292ea66bf2b7310b70f29f
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
154.23.182.108 200 OK 105 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size 105 kB (105068 bytes)
Hash c421c976cf701cd806a7ebeb8575e0a3
cb84123cde62bcad60f34b5a5703f7bfafca1906
e797e57325c453e7ca7e56e634ada214b51ab9298ba5aea4d183fea859857d60
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:31 GMT
Content-Type: image/png
Content-Length: 105068
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-19a6c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
154.23.182.108 200 OK 77 kB URL GET HTTP/1.1 www.vip3659v.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type PNG image data, 249 x 215, 8-bit/color RGBA, non-interlaced\012- data
Hash 4efe93bd780474540b29c662acef4d68
2d588f15315c28feef52d101bff05d5a2071929d
e52983bbd04e43f83dccc17ccff1064098ae925ae651f753e59b1530a0e4d733
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:37:30 GMT
Content-Type: image/png
Content-Length: 76813
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-12c0d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:37:30 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-097
Accept-Ranges: bytes
3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=c72f5380d27ab6cfad9db645d59cf8da&wsTime=1696340248
103.198.200.1 200 OK 4.7 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=c72f5380d27ab6cfad9db645d59cf8da&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced\012- data
Hash 834417d344a1bd995c78df66fe45edbd
79a5cd12dc1bf06043f38349e6dd492e58144a01
736b8041b08f7ec7a5f5a8e8d4d857dc58f1f03d4e2b6f738a2f1c9ae3892bbb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/images/favicon/favicon_141.png?wsSecret=c72f5380d27ab6cfad9db645d59cf8da&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6311d300-1260"
Date: Thu, 28 Sep 2023 08:10:45 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Sat, 28 Oct 2023 08:10:45 GMT
Age: 451606
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 769a47e6ada1d0c1f92117b079f167e5
vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js
143.204.55.90 200 OK 9.7 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js
IP 143.204.55.90:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (9846), with no line terminators
Hash f4b75a65708568ed20cb1c0c5ff526b5
fcc8b2cc155327433213703a0b3ce4a564b2dd45
95e6c40191a50b016b493df94625397c9766dccc6ae7b5b0d5e051663916a61b
GET /visitorside/js/Button.fa84d0c8.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://vue.livehelp100service.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:21:03 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d2-25cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: M8JhbyXQ2YSCbVhppIFeF95QOqtF_VrdBE4dbAVtONsAZDgoWDhMQw==
age: 40589
X-Firefox-Spdy: h2
vue.livehelp100service.com/livechat.ashx?siteId=65000584
143.204.55.90 200 OK 1.9 kB URL GET HTTP/2 vue.livehelp100service.com/livechat.ashx?siteId=65000584
IP 143.204.55.90:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
Validity Tue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2045), with no line terminators
Hash 5b633e2af4f4d8d5d24a6cf843c0cafd
df50fd4c9cd113b803384174d0f738a8b6be400b
a8313f20124cadd528d8d5320f34695304ead51490241ae87595a5afbd9aaafb
GET /livechat.ashx?siteId=65000584 HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
date: Tue, 03 Oct 2023 02:30:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kvuFZVqWeCiDFa3wGna9j3KkBQgOm2JoBLXoQ1xgA4ev_QfwpEzYqQ==
age: 40001
X-Firefox-Spdy: h2
786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B
99.83.207.187 200 OK 14 kB URL GET HTTP/2 786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B
IP 99.83.207.187:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:37:32 GMT
content-type: text/json
server: nginx
access-control-allow-origin: *
cache-control: max-age=31536000
arrserver: chatserver2
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=5a9a044d6bc0e50751713be1e8d1b067&wsTime=1696340248
103.198.200.1 200 OK 107 kB URL GET HTTP/1.1 3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=5a9a044d6bc0e50751713be1e8d1b067&wsTime=1696340248
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 850 x 214, 8-bit colormap, non-interlaced\012- data
Size 107 kB (106746 bytes)
Hash e575f7f68ace5718a733ce9a735dba27
2a2aff13696be1b051eb7c78e7153db8c1ecaea4
144dfdb1a20d96a0eeef856bcacb63396dce907b5291196a2ea89f3b96543544
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=5a9a044d6bc0e50751713be1e8d1b067&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 106746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6379d708-1a0fa"
Date: Thu, 28 Sep 2023 08:09:30 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:08 GMT
Expires: Sat, 28 Oct 2023 08:09:30 GMT
Age: 451677
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: dce9f98296fa920b5b618a3aa9ae1fc5
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
99.83.207.187 200 OK 1.3 kB URL POST HTTP/2 786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP 99.83.207.187:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1405), with no line terminators
Hash 07aec707a9be30fd34d401b0980c1053
52bc9d27748972e500b931f87fe131a320ed3d96
dc29cc96fb32ffa7aeb5dcb290da778d4d253d04abc42e8f11ab98ad403399d2
POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 69
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:37:30 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://www.vip3659v.com:8989
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2
www.vip3659v.com:8989/index/getUserTimeZoneDate.html?t=lnad6ow6
154.23.182.108 200 119 B URL GET HTTP/1.1 www.vip3659v.com:8989/index/getUserTimeZoneDate.html?t=lnad6ow6
IP 154.23.182.108:8989
ASN #140227 Hong Kong Communications International Co., Limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Let's Encrypt
Subject vip3659v.com
Fingerprint 37:DB:08:60:07:09:DC:B6:2F:F8:39:98:AD:ED:4F:4E:C3:8A:4D:7A
Validity Wed, 30 Aug 2023 15:16:45 GMT - Tue, 28 Nov 2023 15:16:44 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 4b9eaccb1020f2cf40957602fe6a7c68
ac3dcb490e0860534ecb9b18ca06ebb87bd5f9a8
d717a797639e3216c74ad2d860999fe2086be3002cc2f1f3e434954165c0e815
GET /index/getUserTimeZoneDate.html?t=lnad6ow6 HTTP/1.1
Host: www.vip3659v.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Cookie: sticket=0TkRGaVlpMDVZak5s; route=608b49d6269bc6506d42172c4da4c169
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Tue, 03 Oct 2023 13:37:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Set-Cookie: route=f33ee5a1dfc5b32aa468916b583888ca; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963402489b9a
out-line: gb-site-097
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=c08cefbf8f33e9b73537cc7b24b3f808&wsTime=1696340248
104.250.33.35 200 OK 376 B URL GET HTTP/1.1 3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=c08cefbf8f33e9b73537cc7b24b3f808&wsTime=1696340248
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 594\012- data
Hash 355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=c08cefbf8f33e9b73537cc7b24b3f808&wsTime=1696340248 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5d2c7603-178"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 452080
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: cdd4effafa6b4e75714b7739412db353
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
99.83.207.187 200 OK 1.4 kB URL POST HTTP/2 786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP 99.83.207.187:443
Requested by https://www.vip3659v.com:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1464), with no line terminators
Hash 986f0cb3375e57a1e563a53805671b29
f2d7ed89b0b45d44c3b3e6c527b60b88d62d7555
5cb94b8baa2a0ab4a2edd0412d20fbdd15e2b80a2a5273d97693110e25be8316
POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1347
Origin: https://www.vip3659v.com:8989
DNT: 1
Connection: keep-alive
Referer: https://www.vip3659v.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:37:31 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://www.vip3659v.com:8989
set-cookie: visitorGuid_65000584=77d5a4b7-410e-4615-b1cc-d4c9673694f4; expires=Mon, 03 Feb 3023 13:37:31 GMT; path=/; secure; samesite=none
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2