Report - 3659vip6.com/

Report Overview

Visited public
2023-10-03 13:34:52
Tags
bet365 gambling phishing
URL
3659vip6.com/
Finishing URL
3659vip6.com:8989/
IP / ASN
154.23.182.108
#140227 Hong Kong Communications International Co., Limited
Title
bet365 -No.1 体育投注，世界锦标赛斯诺克赔率，百家乐娱乐场，扑克牌，电子游戏
Phishing - Bet365

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-10-02 21:05:15	330 B	963 B	104.18.15.101
3dsa62.gaokejd.xyz	unknown	unknown	No data	No data	26 kB	2.9 MB	104.250.33.35
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-10-03 00:14:01	340 B	863 B	143.204.48.16
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12 22:43:53	2023-10-02 23:17:37	340 B	942 B	108.156.15.108
786ad.239tgaaagf.com	unknown	2023-07-24	2023-07-25 10:35:06	2023-10-01 15:11:05	1.6 kB	18 kB	75.2.42.240
vue.livehelp100service.com	unknown	2021-12-08	2022-07-27 10:08:54	2023-10-01 15:11:03	2.3 kB	698 kB	143.204.55.81
3659vip6.com	unknown	2021-02-15	2021-02-15 08:52:17	2023-10-02 08:45:38	469 B	400 B	43.198.190.53
3659vip6.com:8989	unknown	unknown	No data	No data	37 kB	2.0 MB	43.198.190.53

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-02	medium	3659vip6.com/	Bet365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (49)

	URL	From	Size	First Seen	Last Seen
	3659vip6.com:8989/	ScriptElement	48 B	2023-03-07	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen6880 Hash 37f0336a6fe3f56c661b149ecf659efe 9aff4163d5da3b8d760f0593c583dd8d1f6dfc14 f33f7afadc5c318efdd57d35da2dc2aebe39fd166a61905ce37b9f7363f51c2f Loading...

	vue.livehelp100service.com/livechat.ashx?siteId=65000584	ScriptElement	1.9 kB	2023-09-28	2024-08-21
Pretty URL vue.livehelp100service.com/livechat.ashx?siteId=65000584 IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-28 10:36 Last Seen2024-08-21 05:37 Times Seen191 Hash d6d2eb369a66e440a82ef2f34e5908b6 5a7801ae6fa3f58af95fad4d0eb804a399095930 ceb6f8501bcc1bfcb104e8d3e33a03e19cf78416c31b749733f23fb967744d9b Loading...

	vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js	ScriptElement	9.7 kB	2023-09-22	2024-08-21
Pretty URL vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:21 Last Seen2024-08-21 06:06 Times Seen196 Hash 0baa5f1b488b7a93bd37a2b500342328 35dfcf4b9c18a3899643a69336512423ffb0ab78 ba9bdd4d88b22e078d6271b30d87e1aef63f3ab3ce7cbbdd47e770130b718944 Loading...

	3659vip6.com:8989/commonPage/lan/i18n.js?t=1696340068.677	ScriptElement	1.3 kB	2023-10-03	2023-10-03
Pretty URL 3659vip6.com:8989/commonPage/lan/i18n.js?t=1696340068.677 IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-03 15:35 Last Seen2023-10-03 15:35 Times Seen1 Hash c6816f830a012005dea7a18215ea48fe 0c97a9a98cbf1d9a6114071345aad8dc24255db7 b89a6b723d1d51b8593cc7d270c85a5010846fa390cd5ca7a22a89b1e0b33730 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	ScriptElement	96 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-07 23:01 Times Seen7335 Hash b091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js	ScriptElement	4.4 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7079 Hash f77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7 Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649	ScriptElement	33 kB	2023-04-05	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649 IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen7154 Hash a55780dc13cbf1a8d375f14ebb659cf2 9548cc269bcde0dc48e166fa6bab37af8a649e57 35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8 Loading...

	3659vip6.com:8989/	ScriptElement	906 B	2023-09-24	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-24 20:29 Last Seen2024-08-21 05:50 Times Seen108 Hash 350088ccd3438672fcf4a12cdbbaa34a a4d13a7c33550b42d3e11f735776f0d8b42b2fb1 f0df85825f3ed3dbe582edea2e98bb634706e90350a9d795e7b74ac031b32db1 Loading...

	vue.livehelp100service.com/visitorside/js/common.80370cb8.js	ScriptElement	67 kB	2023-09-22	2023-10-19
Pretty URL vue.livehelp100service.com/visitorside/js/common.80370cb8.js IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:21 Last Seen2023-10-19 05:46 Times Seen196 Hash 97304dbfaa07b3fefbc7b8d8049c7585 6591ec921e4e391977d0340f6f4520a3cf5f3e2d f436d2d7a39d26a2c9e615d69d28facd8826ce128b167497c290e0d0b1ecdc99 Loading...

	3659vip6.com:8989/	ScriptElement	709 B	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen452 Hash ec5552657de7540d7b409f6dbe53ede8 7ee24fe3947c5f873f6ffa035fd2738422b77455 8699acefc2704c2111fc179e5175c3a30c034d62fc1e49aed6c85c094520a0f2 Loading...

	3659vip6.com:8989/	ScriptElement	36 kB	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen62 Hash a0d00f34fb52281068aaba75d37e8854 e42f7f220df192d833d1f588a7597afb75742d0d 4464b09ee9843b7c73f0458343042c219e89ee065d7468026a894bce16e78182 Loading...

	3659vip6.com:8989/	ScriptElement	13 kB	2023-04-05	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2024-08-21 22:41 Times Seen4653 Hash 109d40ff6f9b3510b169fac4b8e845ce 4ce0fc768718f555487159ddd745e728a0c74c64 7b782f2e9589aa72ddadf4546c0f09709c73bea1339cd0ce893dfc40f6252949 Loading...

	3659vip6.com:8989/	ScriptElement	11 kB	2023-04-05	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen6993 Hash 6681856885ee92601b7711c11d19553f 95ab4437869df8c790cad28e0753a4c9ea362e73 ce52fd46b2a5cfd741a2f0c39bc2d5218271b5690bdf8ec33af94f1062e98d23 Loading...

	3659vip6.com:8989/message_zh_CN.js?v=1695807924649	ScriptElement	32 kB	2023-09-16	2024-08-21
Pretty URL 3659vip6.com:8989/message_zh_CN.js?v=1695807924649 IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 06:47 Last Seen2024-08-21 06:45 Times Seen156 Hash dbd8f3cb39a714f630fa6a61d4809d4f f61d34413fe68334b2370eeff32e3daeafec93da dbd72c90bfc14aa785656fc3164e27ece7f4ce337a6896cdafd42712f34fc2bb Loading...

	3659vip6.com:8989/	ScriptElement	3.6 kB	2023-04-05	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen6989 Hash d15a9b513acdcf3e9b08901384511565 f1fe72392137895e4952f835c0330f76aacfecdf 9fa644edfd9af9be6b244016e8f4f0eaee414732edc6ba3641e8647253359995 Loading...

	3659vip6.com:8989/	ScriptElement	39 kB	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen62 Hash f51066f0c4476be3e8e9d610c6ee63e2 dcf97bff32417e11fb2a30c7c8d0484045bc737b 00ce9ac0b1b38bd443410e336e74779a033485c347a9bb581143c007176f1269 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js	ScriptElement	12 kB	2023-08-15	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01 Last Seen2025-05-07 23:01 Times Seen6810 Hash d87854586672bff7f886a47da85da5ed 8d0537030dc7a81ade87a41a75fd5a75e4e33da1 17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js	ScriptElement	61 kB	2023-08-26	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 00:19 Last Seen2025-05-07 23:01 Times Seen6270 Hash e6ce47d880d7a50ddf91b074c8572edf 6a3657c67209136e5b544859daecf16f2d153b72 c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js	ScriptElement	20 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7093 Hash 5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811 Loading...

	3659vip6.com:8989/	ScriptElement	20 kB	2023-04-05	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen6978 Hash 9f5bce1aa50f72fd0834901c70db4f43 41771079bee5eb45539e694a5eff580732ab26b0 a50724b65a2657f6e67adbf98a3dd135de52b4786350f0b1bd142adff38c7ffd Loading...

	3659vip6.com:8989/	ScriptElement	6 B	2023-03-07	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen8326 Hash edaddb8132e9e0880252c5b6c47bf1c1 dc08b5b6ca432b46cca94f1f297491e1b08736ea b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js	ScriptElement	45 kB	2023-08-15	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01 Last Seen2025-05-07 23:01 Times Seen6877 Hash f15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js	ScriptElement	17 kB	2023-04-05	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen7026 Hash 1008fe6a5e1a182d7775963b85405bb2 e174a7b08cc3cb5545af1cd33d2814e604119392 7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js	ScriptElement	12 kB	2023-04-05	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen7019 Hash 466a7ed7d00986d45375c0cbffb5233c 68845ead668e9abd29c24b491dbf97b219226c08 7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123 Loading...

	3659vip6.com:8989/	ScriptElement	1.8 kB	2023-04-05	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen6966 Hash 9f1681b5a72417b33c2869aab85af152 b40a6d9c6d058c2bd6e126a1b0191182926b9d04 eabdfd0c5237f406e0acbef879968e72e5e3d62dd8e8b6bcee48e5ab7f4d0154 Loading...

	3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js	ScriptElement	123 kB	2023-03-07	2025-05-09
Pretty URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-09 08:32 Times Seen4910 Hash 317fd00903b68a157500b40495e8d74e 29ba73703d5c1d5390551e9fb230a3f1ace1437e efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a Loading...

	vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js	ScriptElement	74 kB	2023-09-22	2023-10-19
Pretty URL vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:21 Last Seen2023-10-19 05:46 Times Seen195 Hash 4b2709ff844ec41f3936fabb7fc84dec 3f0a1aa752f1786ce70a827034f2a7d286125de4 e6d51460a671fce5447dc8c24310fc4ef681699de7053889be4677af7636c19f Loading...

	3659vip6.com:8989/	ScriptElement	2.4 kB	2023-05-18	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-18 01:25 Last Seen2024-08-21 09:44 Times Seen2018 Hash 91354abf0f62578b55d4dc04437f8866 22eb91f9ead6e7634670722da74d4a61b3c08150 035fec121949808f22f48133184d8fd307c2535912d140df791987de106c44d9 Loading...

	3659vip6.com:8989/	ScriptElement	123 kB	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen62 Hash 7790267d99a3800cd5a3159f424b2751 3a80ca0d0bed70b12fe162a57623d67b8ef2d213 df97ab3a0775f3ba81db7a8f7a48eb4c578f1c5958e56e789ec85efafff5da77 Loading...

	3659vip6.com:8989/	ScriptElement	1.4 kB	2023-08-21	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-21 11:10 Last Seen2025-05-07 23:01 Times Seen6632 Hash 479c01001c455527cf2aafec087accad 230c5d853a00977d890c25cb56b5a07c5e0acd0e 0ad2a7081ff475ce3a2068fe69547248166c0fd39f26fbf03f2ac5db073a16cf Loading...

	3659vip6.com:8989/	ScriptElement	2.4 kB	2023-09-28	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-28 11:44 Last Seen2024-08-21 05:37 Times Seen391 Hash 04f634d738f931ac879d9d4d7c361344 8772cdb2348b98f0d7dacadac9da93d0285aab6d 6620e9446da696c76c5f93a655b90319b42a6c1fdc82348a4ad4bc07617ac1fb Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js	ScriptElement	7.0 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7073 Hash 829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js	ScriptElement	22 kB	2023-04-05	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen7016 Hash cb96339625e9d456e32f86cdb3c7a7a1 1301165c58bbb13c542cba493b7ab5774e87e31f 17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	ScriptElement	65 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7177 Hash b5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js	ScriptElement	117 kB	2023-07-29	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 10:21 Last Seen2025-05-07 23:01 Times Seen7073 Hash 36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33 Loading...

	3659vip6.com:8989/	ScriptElement	670 B	2023-03-13	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:03 Last Seen2024-08-21 09:42 Times Seen658 Hash 7efee0000e2aff5b32e62b7db0849a40 26cb4ec84240ffeb29d0786d2c6846b35e64f129 f342e58445840e28eac2b59151d0f86726e46e91b770b1b0f20e647e52493e23 Loading...

	3659vip6.com:8989/	ScriptElement	6.0 kB	2023-08-02	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 04:42 Last Seen2025-05-07 23:01 Times Seen6940 Hash e6ea297058f6d52d83390d9ea7f914aa 349df987c3c4c50687d993b31f83cfea7f796730 2f21ca2376a9112f70c12ecc46d75ff792b067f5edceae5ea06011c13cf14e56 Loading...

	3659vip6.com:8989/	ScriptElement	390 B	2023-04-05	2025-05-07
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen6601 Hash 4e6bbb84979a27014e74be230fe8440f aafe0c1dba07e91354abfb25d154c0acbed24d61 03e9af072f4db23c6c6cd74a89c796a3c764731da4734682f3ccfc07e0e54e74 Loading...

	3659vip6.com:8989/	ScriptElement	3.2 kB	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen403 Hash ed6f1d55e023fb46f1a0069cd8db0661 6981f371ac4d5e676a0dd8b03773e8288819864e 80632a2d55947d5da990c992ab5182ae3819d4cb13576d0566fb30f458b71c8b Loading...

	unknown	Function	278 B	2023-04-14	2025-04-26
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 20:29 Last Seen2025-04-26 09:57 Times Seen5508 Hash cf0aad09d2e7287c48d72501c4ed8cbd 7950b8c00d5a278b662dbccd11af31398a408e51 72512199b29d971b5fe854b1f610604dcbdec2c38666c106f1d15863e0df32db Loading...

	3659vip6.com:8989/	ScriptElement	3.1 kB	2023-04-14	2025-04-26
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-14 20:29 Last Seen2025-04-26 09:57 Times Seen1104 Hash f700df2334d8195b4584feded7648cdf 18a3fea50c79783ab326011e6f1ad66492e48e09 be1f7d35fed5603c06720e019aec71584c1ca16caa2591641f8c515f7b141a4d Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	ScriptElement	28 kB	2023-04-05	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30 Last Seen2025-05-07 23:01 Times Seen7007 Hash 9c41709c2b64126b909c101a27f39153 4ab666b36c092577acb41390ad90e96d5fea7711 c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60 Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	ScriptElement	15 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7074 Hash 4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9 Loading...

	3659vip6.com:8989/	ScriptElement	120 kB	2023-10-03	2024-08-21
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36 Last Seen2024-08-21 05:18 Times Seen402 Hash c70f04423e5b142ca2f8dec03b290c1d 7cd50e2dd55272211257b67720f0ae50c00d043b 339695c34f3678a3d5cebdf2eea6d85ab26eb90b3d576fb9038bfbe36f77938b Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js	ScriptElement	2.1 kB	2023-03-07	2025-05-07
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js IP 104.250.33.35 ASN #137280 Kingsoft cloud corporation limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-07 23:01 Times Seen7082 Hash 07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d Loading...

	3659vip6.com:8989/	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL 3659vip6.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 13:29 Times Seen4636207 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js	ScriptElement	542 kB	2023-09-22	2023-10-19
Pretty URL vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js IP 143.204.55.81 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:21 Last Seen2023-10-19 05:46 Times Seen196 Hash b8205f42724de492210a5f391b9b0acb e6508d42ca10d6dcfc5dab15687d801aa67a7468 1d4b6474cb0428fcba5fb4ced99a3724a72aa14cb10d2325274fde4aba412028 Loading...

		Size	First Seen	Last Seen
	#1 Write - 230b17f753e5781bc950ea8efe9c468c	377 B	2023-09-22 07:21	2024-08-21 06:06
Pretty Observations First Seen2023-09-22 07:21 Last Seen2024-08-21 06:06 Times Seen194 Hash 230b17f753e5781bc950ea8efe9c468c b8ed583da962dcb3d57de8037e3f768f2011b06c ad778013e09cbaa37636022027c255b72144c923db481e80d67493617d6ccdd5 Loading...

	#2 Write - d6984d3d96b020b0be0c099cb1999cee	234 B	2023-06-30 02:57	2025-04-29 17:29
Pretty Observations First Seen2023-06-30 02:57 Last Seen2025-04-29 17:29 Times Seen4052 Hash d6984d3d96b020b0be0c099cb1999cee 02de24d58a40ec3791f5f300e5101645d8635466 fc8efc42d8db0b2f6266e3524aea080b058eda5827e736cc37db95fd0f3547e4 Loading...

HTTP Transactions (139)

URL IP Response Size

3659vip6.com/

43.198.190.53

99 B

URL
3659vip6.com/
IP
43.198.190.53:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
99 B (99 bytes)
Hash
bf98b62ae4c9824789199b8b5210fa47
50bf052e3d7a171d1c090ad55ead2a5649c1b622
67404cfd7c96d6595268779d926ee1561f43b62d81e0f67378af9b4f967c9046

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365

HTTP Headers

GET / HTTP/1.1
Host: 3659vip6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate
Content-Encoding: gzip

3659vip6.com:8989/commonPage/lan/i18n.js?t=1696340068.677

43.198.190.53

200 OK

815 B

URL GET HTTP/1.1
3659vip6.com:8989/commonPage/lan/i18n.js?t=1696340068.677
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
ASCII text, with very long lines (1217)
Size
815 B (815 bytes)
Hash
c6816f830a012005dea7a18215ea48fe
0c97a9a98cbf1d9a6114071345aad8dc24255db7
b89a6b723d1d51b8593cc7d270c85a5010846fa390cd5ca7a22a89b1e0b33730

HTTP Headers

GET /commonPage/lan/i18n.js?t=1696340068.677 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-169634006902f9
out-line: gb-site-133
Content-Encoding: gzip

3659vip6.com:8989/

43.198.190.53

200 OK

115 kB

URL User Request GET HTTP/1.1
3659vip6.com:8989/
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
115 kB (114976 bytes)
Hash
3a1abeb29fd07e7b6468980a1de92d2f
d0488f0021e9fff3f5df687c3afb8ee51edd774c
95552c40cd4cdd258d168bfe150088d7be5951be43885cc6c9dd146229564503

HTTP Headers

GET / HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-html-cache: HIT-3600
X-Frame-Options: SAMEORIGIN
uuid: -
out-line: gb-site-133
Content-Encoding: gzip

3659vip6.com:8989/message_zh_CN.js?v=1695807924649

43.198.190.53

200

9.8 kB

URL GET HTTP/1.1
3659vip6.com:8989/message_zh_CN.js?v=1695807924649
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
Unicode text, UTF-8 text, with very long lines (17948)
Size
9.8 kB (9838 bytes)
Hash
16d2b39f43c2e63099526eaa0e1bd5de
b9735cecdbc80252aa2bee9a7c86915d746b31ff
142afe35d294149ef6c9f9ad052a085d9bd4b5e18eba50361b1c1f2d26c38e6c

HTTP Headers

GET /message_zh_CN.js?v=1695807924649 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:29 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:29 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: 00141-02-00000000-16963400698bd7
out-line: gb-site-133

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
de7314c1d8e4f2b41662ff2a141a1d54
a1e02c00282f63b18b61d420bc48ab9b71c7e059
7ac1c230d8ab43bf84f099d6dcce7a277245d03704a3a922a87815e2c6caecda

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:29 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 01 Oct 2023 11:38:15 GMT
Expires: Sun, 08 Oct 2023 11:38:14 GMT
Etag: "a1e02c00282f63b18b61d420bc48ab9b71c7e059"
Cache-Control: max-age=424828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8105901c488c5696-OSL

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css

104.250.33.35

200 OK

17 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (12023)
Size
17 kB (16935 bytes)
Hash
abc91330704282873c6755800f5cbf06
8677f67e781c23cadc13d0310eda118ba754339a
f481810dd316265622c2eee91fc349f6ac24367352f74c8fa849ddaf28a5c475

HTTP Headers

GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 16935
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"650e8aa5-1413b"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Sat, 23 Sep 2023 06:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: c80cbd082a3561ecae1357d74d80fbd3

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css

104.250.33.35

200 OK

630 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
630 B (630 bytes)
Hash
304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6153e3b6-adc"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 3cd7e807694315279ad038f3633e7ed2

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css

104.250.33.35

200 OK

13 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (532)
Size
13 kB (12593 bytes)
Hash
d85714aa13b8df3bbe47562a0a5b0a82
e1dd836dc82ce5c0e8586bf837a90b2efb55916a
02f1ef82366e3bb0fb19f6e5f967e5c63ea857d53803aedcf6cb8f79ee7d4ac2

HTTP Headers

GET /ftl/bet365-141-2/themes/style/common.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12593
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"65138f5d-d024"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 27 Sep 2023 02:11:41 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: dfa1206dcad8aad178326d63dad5046e

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css

104.250.33.35

200 OK

6.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Size
6.3 kB (6253 bytes)
Hash
4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64ad1569-7b6e"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 694dcfe908e55a27e700067c7b43cb72

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css

104.250.33.35

200 OK

3.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (19512)
Size
3.1 kB (3094 bytes)
Hash
f29b1aec530d4ecb1255894948203345
ec15a3a265c1556fae8f9553d371423df9653c50
f476606c821fd23ba0fcae1845e3e45ae39f6040921de2d96698ad7d1e922f3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3094
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"6153e3b6-4d3d"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: ac71db8eb7c08bc950cd9f8698a54f4b

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js

104.250.33.35

200 OK

34 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32038)
Size
34 kB (33545 bytes)
Hash
b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-176d4"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 7645530fa4354baf1c2a42f3a4846430

3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js

104.250.33.35

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32034)
Size
12 kB (11957 bytes)
Hash
f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27

HTTP Headers

GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64d5b951-b083"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: de28163e9f4da2d74483333c43935ae5

3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js

104.250.33.35

200 OK

1.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
1.9 kB (1929 bytes)
Hash
829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"612747ba-1b2f"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 5fc8cc3975e7a66951734584676d87ce

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js

104.250.33.35

200 OK

4.0 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
4.0 kB (4031 bytes)
Hash
4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"60f60fb5-43bc"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: fd89213e0767117c2637d2b305f6700a

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js

104.250.33.35

200 OK

3.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
3.3 kB (3316 bytes)
Hash
3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6260ddd4-2f13"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 81220b0ed5d18ccee546e424a143c8c8

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js

104.250.33.35

200 OK

797 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
797 B (797 bytes)
Hash
07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6260ddd4-828"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 24fe26dd175b9a1643a1d56c7fcceea9

3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js

104.250.33.35

200 OK

2.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
2.7 kB (2731 bytes)
Hash
58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4

HTTP Headers

GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64d05f66-2f79"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 857f8a77e95851bbafcb9fbefaa1d439

3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css

103.198.200.1

200 OK

5.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (336)
Size
5.7 kB (5666 bytes)
Hash
499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64252e4f-d530"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: c1896502e5d6c501c7481c01291d9e3c

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css

103.198.200.1

200 OK

6.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (489)
Size
6.9 kB (6923 bytes)
Hash
858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf

HTTP Headers

GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ddd5e1-c760"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451900
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 34c5e4c478b9f3cd6adbcdda35225860

3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js

104.250.33.35

200 OK

16 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (11056)
Size
16 kB (15779 bytes)
Hash
4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0

HTTP Headers

GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"64ddbaed-ee5c"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 090f1d6e91bff9006cdf9d91c22e7819

3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js

104.250.33.35

200 OK

5.0 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (20132), with no line terminators
Size
5.0 kB (5007 bytes)
Hash
5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-4ea4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 6d38d0b057619d454a5d2972ea04d3d3

3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js

104.250.33.35

200 OK

7.6 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (21922)
Size
7.6 kB (7599 bytes)
Hash
c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-55f6"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 8692f607a202060a930fdce635bba9b5

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js

104.250.33.35

200 OK

1.4 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (4433), with no line terminators
Size
1.4 kB (1421 bytes)
Hash
f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-1151"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 77b85dac36ae301641430a9e761ff4ac

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js

103.198.200.1

200 OK

17 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (64577)
Size
17 kB (17446 bytes)
Hash
b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-fc8b"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 2fc157ceabed5392862f77e150735bc5

3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js

103.198.200.1

200 OK

7.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (27669)
Size
7.7 kB (7746 bytes)
Hash
f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-6caf"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451774
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 1ab573a4cd1d9200f3a53d826f11427d

3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js

104.250.33.35

200 OK

4.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Size
4.1 kB (4126 bytes)
Hash
4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"650aa3e4-3a09"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 20 Sep 2023 07:48:52 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451774
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: b71d4fc1b5830aaeb8d774ad68fd817a

3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js

104.250.33.35

200 OK

27 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text
Size
27 kB (26968 bytes)
Hash
36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33

HTTP Headers

GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"64b633ca-1cab9"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: f5c6b6365f340aaab124b8f0b2fae5a4

3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css

104.250.33.35

200 OK

911 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
911 B (911 bytes)
Hash
1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-b5d"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: eed690ebf9cc13268241aca578015f6a

3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649

104.250.33.35

200 OK

5.2 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (801)
Size
5.2 kB (5207 bytes)
Hash
30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1695807924649 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"633d510e-7fd7"
Date: Thu, 28 Sep 2023 08:04:55 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:04:55 GMT
Age: 451775
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 2c966c2bd096d97f6bce38e2ce0a45d8

3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0

104.250.33.35

200 OK

3.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
3.1 kB (3111 bytes)
Hash
5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6131d862-48e4"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451902
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 9d04cff3ae772e5e44d0e2cf07ac15a8

3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css

103.198.200.1

200 OK

3.8 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (2295)
Size
3.8 kB (3788 bytes)
Hash
f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"633d510e-2d52"
Date: Thu, 28 Sep 2023 08:05:21 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sat, 28 Oct 2023 08:05:21 GMT
Age: 451749
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: f9f4378715b21d449d725308f3c97d7f

3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js

104.250.33.35

200 OK

32 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65275)
Size
32 kB (31739 bytes)
Hash
317fd00903b68a157500b40495e8d74e
29ba73703d5c1d5390551e9fb230a3f1ace1437e
efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 31739
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"614d2b23-1df6f"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451902
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 69055baf9c748e31f2ac2365515f683d

3659vip6.com:8989/mobile-api/v5/origin/getFloat.html

43.198.190.53

200

2.6 kB

URL POST HTTP/1.1
3659vip6.com:8989/mobile-api/v5/origin/getFloat.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (6686), with no line terminators
Size
2.6 kB (2556 bytes)
Hash
3a2ea604ecbba7d4dff15307b40b4484
61f300e5028c65c81db6d6b922f83f70cbeb3de8
4caeda93294300606ea1945c785dfe5b49811c2a17a7eef13a9a86d6a337070d

HTTP Headers

POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:31 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=608b49d6269bc6506d42172c4da4c169; Path=/
Access-Control-Allow-Origin: https://3659vip6.com:8989
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963400719bae
out-line: gb-site-133

3659vip6.com:8989/ftl/bet365-141-2/themes/images/hot.gif

43.198.190.53

200 OK

1.3 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/bet365-141-2/themes/images/hot.gif
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
GIF image data, version 89a, 16 x 21\012- data
Size
1.3 kB (1265 bytes)
Hash
98b6e28b9ec42fb2cfeeb767adf534b0
ec30e424f3b775ad1d9b80e8947a4646ee8c5af9
06011ce85e775ecfeda87eaca9ee6ac75cb9522cefe71448d8b04adc81bd9f67

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/hot.gif HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:31 GMT
Content-Type: image/gif
Content-Length: 1265
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
ETag: "5d2c7603-4f1"
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg

104.250.33.35

200 OK

6.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3\012- data
Size
6.9 kB (6871 bytes)
Hash
99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d848f4f-1ad7"
Date: Thu, 28 Sep 2023 08:02:48 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:02:48 GMT
Age: 451902
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: e28ed460ce757a89a6240fe7188f5e62

ocsp.r2m03.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
00aa4324a57d96076bf9ead97e0cd2c4
11bd3f1b68688e934bdb11e0482fe09edffbbe6f
cf53a0bfc3100634116ffed31018be8491f019094800dd4b48b781e6bf51b0e4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Tue, 03 Oct 2023 13:34:31 GMT
Server: ECAcc (amb/6B04)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jgxxhkB_RBr-5iHynYdOJ5kRB9kqSyzwsyftIrDAnvbPVUMu6-NXlw==

3659vip6.com:8989/index/getAppsUrl.html?device=android

43.198.190.53

200

878 B

URL GET HTTP/1.1
3659vip6.com:8989/index/getAppsUrl.html?device=android
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , ASCII text, with very long lines (1112), with no line terminators
Size
878 B (878 bytes)
Hash
191e4e28b40dcc05e14e31bb5de63f17
dfa31a1f7429f3de04040bd55e7d81e0872aba97
e03c0343c9fd6893d0da9bfcf974992926de5e7bde7d629a4e4bcba32c13932a

HTTP Headers

GET /index/getAppsUrl.html?device=android HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=4dc7dfeabaa1977335671c9d813ff1f9; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340071e081
out-line: gb-site-133

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20322 bytes)
Hash
a33f52ea5bd6275e21267f80791ef78a
8c628b103599834a360c53bbb3fbc9e01c5878c6
bb5a4afcdc59886a05b426337bdc6480c07742c0d06ca7bb3a03f66d904731e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:31 GMT
Content-Type: image/png
Content-Length: 20322
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-4f62"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png

43.198.190.53

200 OK

27 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
27 kB (26952 bytes)
Hash
6806dc9c36ddfc927f9814ab1f8a021c
fee37bf769af8a26bf58ed70405100bfee39e867
1455e15577781e784863594804797d19c9edb69c6aaa32fe86f9268b9847d6c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:31 GMT
Content-Type: image/png
Content-Length: 26952
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-6948"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:31 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png

43.198.190.53

200 OK

6.1 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6087 bytes)
Hash
30eb0e841ea47a1f05854ebca3f9e9c1
0cb9874c32ff8837c1ffaf89cba502ceb3483b2b
382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 6087
Connection: keep-alive
Last-Modified: Wed, 11 Aug 2021 06:10:54 GMT
ETag: "611369ee-17c7"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/index/getUserTimeZoneDate.html?t=lnad2wu3

43.198.190.53

200

119 B

URL GET HTTP/1.1
3659vip6.com:8989/index/getUserTimeZoneDate.html?t=lnad2wu3
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
119 B (119 bytes)
Hash
8c9cfc8e082437d7ae629c36f126056d
8d9ea3ab52d1638d113eb9ebcc6cc37c43d464c8
53d35913b478b3d6ee5dc0c4330a1df28683602cbde901788486061e25222c8b

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lnad2wu3 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340072bae5
out-line: gb-site-133

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=fa06b01f936b7cfad3dbb4caa0d3cab2&wsTime=1696340071

104.250.33.35

200 OK

107 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=fa06b01f936b7cfad3dbb4caa0d3cab2&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 850 x 214, 8-bit colormap, non-interlaced\012- data
Size
107 kB (106746 bytes)
Hash
e575f7f68ace5718a733ce9a735dba27
2a2aff13696be1b051eb7c78e7153db8c1ecaea4
144dfdb1a20d96a0eeef856bcacb63396dce907b5291196a2ea89f3b96543544

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10315/1659084673947.png?wsSecret=fa06b01f936b7cfad3dbb4caa0d3cab2&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 106746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6379d708-1a0fa"
Date: Thu, 28 Sep 2023 08:09:30 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:08 GMT
Expires: Sat, 28 Oct 2023 08:09:30 GMT
Age: 451501
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: 3e279af2d9b1474d6f32404273079e95

3659vip6.com:8989/headerInfo.html?t=lnad2x44

43.198.190.53

200

118 B

URL GET HTTP/1.1
3659vip6.com:8989/headerInfo.html?t=lnad2x44
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
cf53eaedec1897ffb05734cee857a6cc
75af0377eed65848dbc96c7ddd67bd71510f23dd
eb7f07a0c59d8f56d0a2584b9023811977862c48f3164e21628d4c8972fb62ba

HTTP Headers

GET /headerInfo.html?t=lnad2x44 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-1696340072c06f
out-line: gb-site-133

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png

43.198.190.53

200 OK

24 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
24 kB (23771 bytes)
Hash
19e16d0cf5c005f3fd798e8f0131db7d
ebb9c520f4047172662991c689a2e07015680dcd
57c3d3bf827de223898f46813f9bd0fd2296cc21a61f3f77d03ba6cee265c78d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 23771
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cdb"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (22623 bytes)
Hash
3c3c588128385827b532946ac86d0a6d
7d84bebb554df6b3c699352d83d640368903ceff
206c91c826cef5d9db409283a0c439a4322211588ecc14b6abb0af9d4573b328

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 22623
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-585f"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23355 bytes)
Hash
14f7dbafc1472fa05db8eb17ae826f30
991915b5ae07c7a47e93dce0c6c82d0d0b690993
7287fcb933e5bf3eba0d13e7312cf5ba90f94c0593310090fdc521f866b0b134

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 23355
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5b3b"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign

43.198.190.53

200

140 B

URL GET HTTP/1.1
3659vip6.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
140 B (140 bytes)
Hash
5d062bc93ef9d75b27e852ed745d170f
1ecf82a0589608b26ee6a29b2cc3229916596626
26e77aa8c61c230db13c8fd74d4ab3adf8be54c3192c4e16f94e633a71efc2e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 140
Connection: keep-alive
Set-Cookie: route=e4e732c52e31521cf093adea5bf44bc6; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963400724888
out-line: gb-site-133

3659vip6.com:8989/mobile-api/v5/origin/loginSwitchCheck.html

43.198.190.53

200

174 B

URL GET HTTP/1.1
3659vip6.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
174 B (174 bytes)
Hash
1452cebf3e2bb129b06762f43f09e5c8
0ec65f1e79233e8c59f76c55fb89ac8637cfb070
99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 174
Connection: keep-alive
Set-Cookie: route=e4e732c52e31521cf093adea5bf44bc6; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963400722a19
out-line: gb-site-133

3659vip6.com:8989/index/getUserTimeZoneDate.html?t=lnad2xg2

43.198.190.53

200

119 B

URL GET HTTP/1.1
3659vip6.com:8989/index/getUserTimeZoneDate.html?t=lnad2xg2
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
119 B (119 bytes)
Hash
c3b75e682c5d689cebef79988b99a698
dbe25dcdeda715e837fa79a64cb49a5f9e237dff
bb5e0fb9b6972bb0615e2898930b8c4e0377d914cb2454e3250d9a51f5e47769

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lnad2xg2 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=4dc7dfeabaa1977335671c9d813ff1f9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-169634007299c2
out-line: gb-site-133

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png

43.198.190.53

200 OK

25 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
25 kB (25030 bytes)
Hash
230a3ba266ae64dee8f70d0ff2f3b0e0
e5bd5defc0486a69adf7d8b187c2100e015260a2
c38424550af0abe01c532bcfdb9d3985a006a2f50ebe65da95b5a4afd2495449

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 25030
Connection: keep-alive
Last-Modified: Mon, 19 Dec 2022 03:01:08 GMT
ETag: "639fd3f4-61c6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png

43.198.190.53

200 OK

104 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
104 kB (103628 bytes)
Hash
8d666e925b25cb11e51e73f93c070f4d
c6ff29c0819e955832f80eb564569cadd6a2b6e9
58377e7130027c1bc0b0d1640be5c18574464c78253ee14a8957586e32f55e0a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 103628
Connection: keep-alive
Last-Modified: Tue, 10 May 2022 03:35:17 GMT
ETag: "6279dd75-194cc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20250 bytes)
Hash
06b42bc87015b1f21a614c47bd914859
533e764dcc3ae171ac0c8f51a7fbcca10f26072f
dbcc205b41e6eec3484c66381d57bd921175da6e5936ade916c42e8bd1110eb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 20250
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-4f1a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png

104.250.33.35

200 OK

1.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1321 bytes)
Hash
a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-529"
Date: Thu, 28 Sep 2023 08:06:23 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sat, 28 Oct 2023 08:06:23 GMT
Age: 451690
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: ed1cc80a076311036d455cc7a1db339d

3659vip6.com:8989/mobile-api/v5/origin/getThirdParam.html

43.198.190.53

200

103 B

URL GET HTTP/1.1
3659vip6.com:8989/mobile-api/v5/origin/getThirdParam.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Size
103 B (103 bytes)
Hash
9ac55fe189e4f53f37156e563e0f542e
18b13b1360ce9fbd973e046d2652be38d58a15e0
d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=e4e732c52e31521cf093adea5bf44bc6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 103
Connection: keep-alive
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963400731d28
out-line: gb-site-133

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=10148a17bb8704c7425b73035117ea96&wsTime=1696340071

103.198.200.1

200 OK

7.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=10148a17bb8704c7425b73035117ea96&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3\012- data
Size
7.9 kB (7926 bytes)
Hash
90dfcd159d726929aa2e8140ac0a43cd
dae58fb59b64ca2922198f64c87762d10dbd161a
cd548d38e7e22e8597da17809e9dd1ee020cfe72288ac55fdb14c9b4130d9e92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=10148a17bb8704c7425b73035117ea96&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7926
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d2c7603-1ef6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: 51d5e32820d1e8624b1fcf019ac0c783

3659vip6.com:8989/game-api/v5/content/sportRecommended.html?t=lnad2xr6

43.198.190.53

200

755 B

URL GET HTTP/1.1
3659vip6.com:8989/game-api/v5/content/sportRecommended.html?t=lnad2xr6
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (2759), with no line terminators
Size
755 B (755 bytes)
Hash
1a8ea2eba6062801d6e96d38028ddb48
db6ac927d3a44bc3c1309a3358f095cc7b0be514
31413276ebe4e6cfee64debf63b81ec30787f7457382a6324b1c1eefd7073b2f

HTTP Headers

GET /game-api/v5/content/sportRecommended.html?t=lnad2xr6 HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=e4e732c52e31521cf093adea5bf44bc6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=290ce78404a5215f66d3621e56fad2b8; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-02-00000000-16963400731099
out-line: gb-site-133

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png

43.198.190.53

200 OK

87 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
87 kB (86675 bytes)
Hash
c851a15f25d8a0c556c7a56b75aebf6f
90dd4c3169383ee12aea9e93ce8fdfb6f3146f51
655efce4a9020abae7117b5e296b181b1ffbd3f9b9dece49f1e547cf6b9396b3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 86675
Connection: keep-alive
Last-Modified: Wed, 06 Oct 2021 05:11:57 GMT
ETag: "615d301d-15293"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=ee4acecb715b97fa4832f4799afe9e06&wsTime=1696340071

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=ee4acecb715b97fa4832f4799afe9e06&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 271x81, components 3\012- data
Size
12 kB (11660 bytes)
Hash
62f912bb32aecad4ab710243a04a4ba9
f8a22eaaf6dc17329932db9c19484907332ea800
ecc11913678af89246c957fae2eaf6cbb07316f7ad24bdcc3e2b115293e46f60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-casino.jpg?wsSecret=ee4acecb715b97fa4832f4799afe9e06&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11660
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c7603-2d8c"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451902
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 6a36673a098483dee3606b6a30ce2655

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png

43.198.190.53

200 OK

107 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
107 kB (107367 bytes)
Hash
f391a00c7ca4a801c7c46431f6949f3e
392e698fcd6b15c2397eb576de33134e7abae702
1ffd1f9416cc641e5c5659de5a2f1530bbe7ddeeb71c91af2db8129c6624f64f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:32 GMT
Content-Type: image/png
Content-Length: 107367
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-1a367"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:32 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=20cbc62b9f8c30a75ee657981341abf3&wsTime=1696340071

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=20cbc62b9f8c30a75ee657981341abf3&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 271x81, components 3\012- data
Size
12 kB (11478 bytes)
Hash
6274335f5e37fb7e3aa19dba05a07ef3
d54c0b0cccf2158aee56d7f1f465d5bb907edf06
39d9bd9e19956bb52c4c880dc6987383c34dc0873aadaa6b3763e3421e06def7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-game.jpg?wsSecret=20cbc62b9f8c30a75ee657981341abf3&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11478
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d2c7603-2cd6"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: ccdcf253214bc40968f855ecfdb84c5e

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=8e6098fac43223b14f9e0fc110234f29&wsTime=1696340071

103.198.200.1

200 OK

758 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=8e6098fac43223b14f9e0fc110234f29&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 500\012- data
Size
758 B (758 bytes)
Hash
41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=8e6098fac43223b14f9e0fc110234f29&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-2f6"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451902
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 9b3aeffbf89b376fde29d93f23409fbc

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (22876 bytes)
Hash
8443275571f203acae6b53207ed73b9f
c3d112abe5edbacb300b321b54cdc9c7d4666bbf
c54b7cdaf70e87778fc4d9c645d5c0296184f7f67793a2b777c194599700882c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 22876
Connection: keep-alive
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
ETag: "6242ddff-595c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=06f1c698e60176d16e1b52e13c8291e7&wsTime=1696340071

104.250.33.35

200 OK

122 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=06f1c698e60176d16e1b52e13c8291e7&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 694 x 500, 8-bit colormap, non-interlaced\012- data
Size
122 kB (121611 bytes)
Hash
9b4d417046a78dcf8e12a51376905624
162c19341237baf7d2107461a954e4451321b55f
0bd1ed2e44971103548fd5ba76ecd6a8b8903b011e5715e869989be81e613341

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10322/1663577476020.png?wsSecret=06f1c698e60176d16e1b52e13c8291e7&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 121611
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6379d70d-1db0b"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:28:13 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451500
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: af201e58ae69f06d17dfcfebb21b5f57

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png

43.198.190.53

200 OK

18 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
18 kB (17796 bytes)
Hash
2a8b9275fdec775b8d1ec6e4b0c5df8f
d1d297beee93861fd031fa9e66ddfbe8f7822e28
d2e8ae7ed84c4081f1aa6e15229af593354b571a2097b506a489a0bc1eeea8ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 17796
Connection: keep-alive
Last-Modified: Fri, 10 Mar 2023 09:30:12 GMT
ETag: "640af8a4-4584"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png

43.198.190.53

200 OK

96 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
96 kB (95973 bytes)
Hash
852c361c9460f489e179f3d34edab1dd
c981b28bbab1500869ff9aa937c3f17e67262ad8
97538b6351173a03757ff751ee08d62cf615b8e01725bc60ec299a2b54a6859b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 95973
Connection: keep-alive
Last-Modified: Mon, 20 Jun 2022 03:50:04 GMT
ETag: "62afee6c-176e5"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png

43.198.190.53

200 OK

28 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
28 kB (27580 bytes)
Hash
b2c524e4d0297da3203c6d45d2f07115
e91bac7336aabae38e8038d2fd931a2f42fe3c84
91c4128aa7b5fa411efae3f85e25b618c0e83958b984a0460dc5e51cb83ccdd1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 27580
Connection: keep-alive
Last-Modified: Tue, 21 Dec 2021 09:55:47 GMT
ETag: "61c1a4a3-6bbc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (19724 bytes)
Hash
f5a323409d6eeca58e65b88d3d0bdd15
6b60c6305e3065a1e9641865eb20243526444f17
b895770db7a902a14119dae3f32bb5622b8e0ae8ddb181f5b4e833e6cd535fb2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 19724
Connection: keep-alive
Last-Modified: Mon, 05 Jun 2023 01:35:42 GMT
ETag: "647d3bee-4d0c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=537c72ca51a6784856d7966c27e1ca1f&wsTime=1696340071

104.250.33.35

200 OK

396 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=537c72ca51a6784856d7966c27e1ca1f&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size
396 kB (395791 bytes)
Hash
3b5db1903355f4bf7f91129ceae9d1be
06e7ee5a32d3824415680395548f5265e2e9efe9
ad7d8e59e738426389ed5023b09a1fb1960dafb371a03e9ea06b6120327e403d

HTTP Headers

GET /fserver/files/gb/141/carousel/10402/1694933395297.jpg?wsSecret=537c72ca51a6784856d7966c27e1ca1f&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 395791
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6506a193-60a0f"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 17 Sep 2023 06:49:55 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451500
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: f4b6cf1019828614d312c7499cc55fc9

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21622 bytes)
Hash
18fc529cc0b071eee9ab764c7b3cebf2
e79958322824752ee3be995515d242f3a65dbd15
7dc7c033a2391b021f70e5576b15806c1e3e73b2bf5a0beda751bbdff7513b7b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 21622
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5476"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (19597 bytes)
Hash
82c905f14c36be0d2fa670516edded31
437546d720284de3982ff79df6a946b81e923371
f3cdfd33e75d6f3877e1e0da0491c2b2a65c66f95d434c6b08950b0b5d5b9cc6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 19597
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:26 GMT
ETag: "613c72be-4c8d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/pt03.png

43.198.190.53

200 OK

7.0 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/pt03.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
7.0 kB (6961 bytes)
Hash
43f500c22dc35cdc7584ff070476a37f
7fffd6464cc1b90efa0dd96e2cbb19d9fd4f8c58
44697b36473e1eebef6bf419d50f4d937676932d6d2a2cc3b65919661adf8a82

HTTP Headers

GET /fserver/files/sportTeam/football/pt03.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 6961
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-1b31"
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/de26.png

43.198.190.53

200 OK

13 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/de26.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13375 bytes)
Hash
7273ff05ae6c6d5db14481285d7cb1ab
9ae6fa365a825510b87aba8ccc3b3602717adcbe
27c7d0d420d1e700862dc781ab2da7a09cf4adf9f920894333969221683bb357

HTTP Headers

GET /fserver/files/sportTeam/football/de26.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 13375
Connection: keep-alive
Last-Modified: Wed, 24 Jul 2019 08:37:10 GMT
Vary: Accept-Encoding
ETag: "5d3818b6-343f"
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=76e257471fa45399020fd92863dfed79&wsTime=1696340071

104.250.33.35

200 OK

218 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=76e257471fa45399020fd92863dfed79&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced\012- data
Size
218 kB (217791 bytes)
Hash
749eb8a1547b3e80185b25a86f3f8dac
bd345cbbb9f96c74a8165ccb31db3e4c1fb88ca9
9ebf68db59bfe23f21efe6711f3cfdba4859e5a874a9587928d20a288daf13a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10289/1639550762197.png?wsSecret=76e257471fa45399020fd92863dfed79&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 217791
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6379d6a0-352bf"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Sun, 20 Nov 2022 07:26:24 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451490
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: dd0ef34227511c2feb988390c11219c5

ocsp.r2m01.amazontrust.com/

108.156.15.108

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
108.156.15.108:0
ASN
#0

File type
data
Size
471 B (471 bytes)
Hash
eed471c91a532b4ec94cec539985a73c
eeff32f763201ff0586026afb07618bcc791eae3
92c2092ea534a94a9f558862dca11c1bd1c94ed5410e591176134680510f2dcd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 03 Oct 2023 13:34:33 GMT
Last-Modified: Tue, 03 Oct 2023 13:10:46 GMT
Server: ECAcc (amb/6AC3)
X-Cache: Miss from cloudfront
Via: 1.1 15f101bbbd2c0af1fa1038ce000605c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HEL51-P1
X-Amz-Cf-Id: 9ow7LLkpUGhHADdqtO4DbI94GWQ3R8CQtCSztcYEbDItnO7GnAy71g==
Age: 1428

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=b3db7847d007bd4c28a59a0d54993bcc&wsTime=1696340071

104.250.33.35

200 OK

279 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=b3db7847d007bd4c28a59a0d54993bcc&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 1384 x 961, 8-bit colormap, non-interlaced\012- data
Size
279 kB (278659 bytes)
Hash
a494db53e3ad3d19a85e330e33b6a182
315a19514103494c6cf60a8d91545e1944206047
1c32a585655c4d7d56b66a7e578c240d7a0d3808b16bc15a2f30b97ce02aa275

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10311/1658375599529.png?wsSecret=b3db7847d007bd4c28a59a0d54993bcc&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 278659
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6df-44083"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:27 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451500
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 97b9849e052eb3487dc7e28fd7f96a97

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=14f5673850d36167854332105d5bc636&wsTime=1696340071

104.250.33.35

200 OK

7.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=14f5673850d36167854332105d5bc636&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x72, components 3\012- data
Size
7.7 kB (7727 bytes)
Hash
4e7da730a5cbfe4a7ce573ddcea0e60a
ac31a27a6d71a7a297905c195a6434f043f7f0a7
fe5506589506db3c8dad8b544636c2794a764f28a9ab79215714d5cfe2d866c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=14f5673850d36167854332105d5bc636&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "613c72a8-1e2f"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 70a6133e416f251db3f68fc82384c5f6

3659vip6.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png

43.198.190.53

200 OK

9.9 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
9.9 kB (9903 bytes)
Hash
bde2ef956bc333150f06f11a82e09aad
6a45da232d31fcb04c53ea9a57221c08fd176d08
c7bfe52050bcafc68a7b080e141cf5826761b67bc40fb89825b645eff5e8b3df

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/0/siteGameNavigation/0/1663921259266.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 9903
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 08:20:59 GMT
Vary: Accept-Encoding
ETag: "632d6c6b-26af"
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/en07.png

43.198.190.53

200 OK

5.9 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/en07.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
5.9 kB (5916 bytes)
Hash
991514091de72a099ae947c7e0bd2c9d
446770ed35c0570b9cac57d5728cc33ba55f6046
393e067c36af1ce4084aa6d758c20f57db38ed68c9ffee331899cf9a1c5b703f

HTTP Headers

GET /fserver/files/sportTeam/football/en07.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 5916
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 05:42:00 GMT
Vary: Accept-Encoding
ETag: "5bebb5a8-171c"
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/tr02.png

43.198.190.53

200 OK

14 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/tr02.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14282 bytes)
Hash
4cbe63f38066cee6b0e8b16257f7c96b
73682979e803d37cdf73951116065d7c4e9d8fa6
4a0ca58eab43500034c98e96aac47f1733fe688580dabdf06f4919385534abf0

HTTP Headers

GET /fserver/files/sportTeam/football/tr02.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 14282
Connection: keep-alive
Last-Modified: Fri, 16 Nov 2018 11:58:10 GMT
Vary: Accept-Encoding
ETag: "5beeb0d2-37ca"
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/fr27.png

43.198.190.53

200 OK

5.3 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/fr27.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
5.3 kB (5291 bytes)
Hash
8ebade574cca1f25cfe97bfc609e552d
49cd04b18560d6224a6fe1752294673d30140136
3894228ba3704c8980366724fb4e140d256ed9429ee1b83d4741dfef13a39492

HTTP Headers

GET /fserver/files/sportTeam/football/fr27.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 5291
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 04:11:32 GMT
Vary: Accept-Encoding
ETag: "5beba074-14ab"
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=d02e6727b058ea72b041ef5d03da0020&wsTime=1696340071

104.250.33.35

200 OK

369 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=d02e6727b058ea72b041ef5d03da0020&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size
369 kB (368702 bytes)
Hash
de11f3b1d817b150ad03f39aaedd0017
3b6dcfd2d2d5fa19397144ef3c8e1734b1635542
10ff505bcab9d3bc20bbe02032a4b5bb474368cc164c60cbc9f3f59701503a6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10381/1687412906249.jpg?wsSecret=d02e6727b058ea72b041ef5d03da0020&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 368702
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6493e0aa-5a03e"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Thu, 22 Jun 2023 05:48:26 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451489
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 560479f36b91d10944f2c7d0e15c229f

3659vip6.com:8989/fserver/files/sportTeam/football/en06.png

43.198.190.53

200 OK

8.3 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/en06.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
8.3 kB (8266 bytes)
Hash
8c597c02135fc6dd1fcd25fbb155bf64
1766765d593b2cfbd199e178d95a4257a6d23fd5
4307d34ec5c483ad4cb5e09b33691f5725a301a68eea661243ce89110587646c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/sportTeam/football/en06.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 8266
Connection: keep-alive
Last-Modified: Wed, 14 Nov 2018 03:28:40 GMT
Vary: Accept-Encoding
ETag: "5beb9668-204a"
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=72ea7eef5282c234eb96bacf48021b85&wsTime=1696340071

104.250.33.35

200 OK

376 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=72ea7eef5282c234eb96bacf48021b85&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 594\012- data
Size
376 B (376 bytes)
Hash
355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=72ea7eef5282c234eb96bacf48021b85&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5d2c7603-178"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: ed612cec0c67376155161fa7148cbb43

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=fa175b813317cd230d66b31ac2cc6ad7&wsTime=1696340071

104.250.33.35

200 OK

484 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=fa175b813317cd230d66b31ac2cc6ad7&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 170 x 28, 8-bit colormap, non-interlaced\012- data
Size
484 B (484 bytes)
Hash
b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/btn.png?wsSecret=fa175b813317cd230d66b31ac2cc6ad7&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a8-1e4"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451904
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: a5fdecc55b53ff578381c80a4d1120f2

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=3b296427b8239d5136bd35bcfa24ae2e&wsTime=1696340071

104.250.33.35

200 OK

4.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=3b296427b8239d5136bd35bcfa24ae2e&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced\012- data
Size
4.3 kB (4311 bytes)
Hash
69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=3b296427b8239d5136bd35bcfa24ae2e&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-10d7"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: b0ba7345baa16c6ee0a9f43c6239a793

3659vip6.com:8989/fserver/files/sportTeam/football/it04.png

43.198.190.53

200 OK

7.1 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/it04.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
7.1 kB (7140 bytes)
Hash
bebb28464026e982f3247044bc244cda
6850144ff65e2a30807efe71e0c0abffd9d18224
e2d458bab2e5d027c190a9d710e4d74d717435fe731c44fc4aa2e50b95f2e388

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/sportTeam/football/it04.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 7140
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 08:56:28 GMT
Vary: Accept-Encoding
ETag: "5bed34bc-1be4"
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/fserver/files/sportTeam/football/pt04.png

43.198.190.53

200 OK

8.4 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/sportTeam/football/pt04.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
8.4 kB (8366 bytes)
Hash
d2832f699ffdb194deca17f797598a02
17f4672c28448e39ffddc28f8d0cf4b6fa2c1d85
6c7d81e599fbfdad66a39133aa5c4380bd011522143698f46667ce1f4f7b79eb

HTTP Headers

GET /fserver/files/sportTeam/football/pt04.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 8366
Connection: keep-alive
Last-Modified: Mon, 19 Nov 2018 03:48:52 GMT
Vary: Accept-Encoding
ETag: "5bf232a4-20ae"
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23172 bytes)
Hash
c2bad36f7d90b3d9d5077df183c0a80b
7890000fd16f911c2aa5223af3cddf3ed6c5f702
90b7d091ece32c042a2866eb7d6943d7e88148d3bb474eaff988a78942d6d3aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 23172
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5a84"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png

43.198.190.53

200 OK

25 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
25 kB (24721 bytes)
Hash
7b497cfccdf85cf3a934c4d61e80d55a
2ed0898ac3b002f53b99dd5b059509098078295e
210370587be2eff0fbd4e3f29dd8114da568e50ef60f94912bd6b37eb657be72

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 24721
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 02:26:45 GMT
ETag: "62c24fe5-6091"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=ba502c52079ed597d6a4f4a9550a7ea4&wsTime=1696340071

104.250.33.35

200 OK

21 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=ba502c52079ed597d6a4f4a9550a7ea4&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
GIF image data, version 89a, 271 x 302\012- data
Size
21 kB (21028 bytes)
Hash
e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=ba502c52079ed597d6a4f4a9550a7ea4&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-5224"
Date: Thu, 28 Sep 2023 08:02:49 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sat, 28 Oct 2023 08:02:49 GMT
Age: 451904
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 7054bd360561293e806c92ddb641354b

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21792 bytes)
Hash
0445397f922bcef3252bedd6877d8668
f4d265e0774ed0dbda4d4548863cd852c48c570f
3069757649a24fe38937eebf84c12b959ec4e58edf10cf2c661cc2ae433a40c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 21792
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5520"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=62ca452b750f0f857193947fa71ef004&wsTime=1696340071

104.250.33.35

200 OK

260 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=62ca452b750f0f857193947fa71ef004&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 10 x 14, 8-bit colormap, non-interlaced\012- data
Size
260 B (260 bytes)
Hash
e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/arrow.png?wsSecret=62ca452b750f0f857193947fa71ef004&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "614d2b23-104"
Date: Thu, 28 Sep 2023 08:02:50 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sat, 28 Oct 2023 08:02:50 GMT
Age: 451903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: efafa16dc767650864795a41ec61b277

3659vip6.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png

43.198.190.53

200 OK

85 kB

URL GET HTTP/1.1
3659vip6.com:8989/fserver/files/gb/1272/sportTeam/1/1620130580209.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 256 x 260, 8-bit/color RGB, non-interlaced\012- data
Size
85 kB (84999 bytes)
Hash
7eaced594befc61e2ddbbbc55b771cf0
9e1a5ad65af14be29cb96508c18c28c64c829809
fb1e0d4a9f5f6723173afe5f99d94a8b45b07472f2d17ee2c8d7a4cef639713d

HTTP Headers

GET /fserver/files/gb/1272/sportTeam/1/1620130580209.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Cookie: sticket=9UQXVOREl1TVRVME9; route=290ce78404a5215f66d3621e56fad2b8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:33 GMT
Content-Type: image/png
Content-Length: 84999
Connection: keep-alive
Last-Modified: Tue, 04 May 2021 12:16:20 GMT
Vary: Accept-Encoding
ETag: "60913b14-14c07"
Expires: Wed, 04 Oct 2023 13:34:33 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=05e63a765884b330b45f3a6910703f68&wsTime=1696340071

103.198.200.1

200 OK

328 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=05e63a765884b330b45f3a6910703f68&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced\012- data
Size
328 kB (328303 bytes)
Hash
535172ad3a435afe80c33ed17cc592f9
7d8bc3efa5a46e12b54ee07d0428c5e3d0662fc4
f7b20469f299a0722ccc52bbecdba656f73435b4c827add798de38797a2c266e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=05e63a765884b330b45f3a6910703f68&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 328303
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379d6d4-5026f"
Date: Thu, 28 Sep 2023 08:09:42 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:16 GMT
Expires: Sat, 28 Oct 2023 08:09:42 GMT
Age: 451490
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 0e23e9d4966d9151f28f693a8c0638f7

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=62af5d651745da989583c36fcedf43b3&wsTime=1696340071

103.198.200.1

200 OK

386 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=62af5d651745da989583c36fcedf43b3&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3\012- data
Size
386 kB (386527 bytes)
Hash
81a5f65507df89f605fbf600872099fe
791d238960719ed5e3dd17b592c868d029dbc7a4
656130b23da3fb9ce75eee3708b6f22f7c160f1640f7e858ffa64bc054856519

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10366/1678507559237.jpg?wsSecret=62af5d651745da989583c36fcedf43b3&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 386527
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "640bfe27-5e5df"
Date: Thu, 28 Sep 2023 08:09:32 GMT
Last-Modified: Sat, 11 Mar 2023 04:05:59 GMT
Expires: Sat, 28 Oct 2023 08:09:32 GMT
Age: 451500
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: f13de4df5993d747115ef6ab27681788

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (22679 bytes)
Hash
2fbcb4a692fc6b41699f7e60ecf26a63
da35d134b38413040316f5cf1e5f76d75fd941c7
ccdecdf7de01b3b3513596f7c4555266473805551702685e14299770ae8bed26

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 22679
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5897"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=b87fd29bf6a12eef1125eb967c25c083&wsTime=1696340071

104.250.33.35

200 OK

97 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=b87fd29bf6a12eef1125eb967c25c083&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Size
97 kB (96781 bytes)
Hash
7cba82537203f393f21f63f855ecb3a6
5be53b9f8a346d56535ddc1fed69707aec03e2b8
69bfc1a826e8db539aba70f98c11d3cb0f3d9f8f47a9e150c259211e8070f18a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/hongbao/hongbao_type2.png?wsSecret=b87fd29bf6a12eef1125eb967c25c083&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 96781
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-17a0d"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451687
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 372974d3b4fa68c66f21bff83e1b77ef

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (19964 bytes)
Hash
d495fdd61d29ff61ff34fdccc5597d0f
95a2b5b377a239ccf2d5e5cc81534f79dbbbe033
08097b5ebe2de4f6d295aeb64fc72170c766ea81851e9baf96ff4de926fc678b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 19964
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-4dfc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (22499 bytes)
Hash
a83dc10b4e607a2685552e62c61e28ba
0f879b68bd5690faa0577ec9335ad219468e2670
3983d86b32d2cba092eea2e69dbdd3e6739824505d27c3ed04c892b28861a6e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 22499
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-57e3"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23286 bytes)
Hash
993bbfdbad1c48f514367407a17d2a77
7d3db06be9d7912432c768fa5b23335264db002c
df044589914265a7b02cca67f876c01d20e5eb0d9e50bdb2e8af8e0994daeab7

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 23286
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-5af6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=b07ab9a9f45824b8c66c7d7784ce4b78&wsTime=1696340071

104.250.33.35

200 OK

59 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=b07ab9a9f45824b8c66c7d7784ce4b78&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 140 x 476, 8-bit/color RGBA, non-interlaced\012- data
Size
59 kB (59186 bytes)
Hash
49563d45b49a4be9ca3e47e47abe4922
d3fa0c017818ad83aea64f5aa6665ffde15e69df
f30de132f8c9fea735cb30ab39ace43814273b611b804edbbf8ccd742d3ef531

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/floatImage/273/1666693826407.png?wsSecret=b07ab9a9f45824b8c66c7d7784ce4b78&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 59186
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6357bac2-e732"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451687
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 5ba17b0610acd27b52adac990380e676

3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=f0fca01ab01aea7d55acf0c59b421b7b&wsTime=1696340071

104.250.33.35

200 OK

103 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=f0fca01ab01aea7d55acf0c59b421b7b&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced\012- data
Size
103 kB (103097 bytes)
Hash
22d9895f65b064eedd9f6437e32ece6f
4095a9dc84b4b9477ba88358deaebae434f44b8d
7ba3c90a5fe78b7e5eaab734581c96a33e7293cf1995c22906121de97d35b8a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/hongbao/hongbao_type2_hover.png?wsSecret=f0fca01ab01aea7d55acf0c59b421b7b&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 103097
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "61309af5-192b9"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Thu, 02 Sep 2021 09:35:49 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451687
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: f18d3089eeee940324e8b015eb8c5cdc

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=dc65cdf1f2e5db043723dc62710aaae8&wsTime=1696340071

104.250.33.35

200 OK

70 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=dc65cdf1f2e5db043723dc62710aaae8&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 750 x 190, 8-bit colormap, non-interlaced\012- data
Size
70 kB (70362 bytes)
Hash
3cec45bced128357804406f23fdb94d1
2e300c18f2c721f4d8580098b46829ef2be4ce1e
36d46701f11f890e85341c03a1381dd46dce7c1be4c2582ebfa67b0e39101d15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=dc65cdf1f2e5db043723dc62710aaae8&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 70362
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "62e39fac-112da"
Date: Thu, 28 Sep 2023 08:09:43 GMT
Last-Modified: Fri, 29 Jul 2022 08:51:56 GMT
Expires: Sat, 28 Oct 2023 08:09:43 GMT
Age: 451490
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: fb27bdd6ede5c5a90609734a2166c84c

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png

43.198.190.53

200 OK

77 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 249 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
77 kB (76813 bytes)
Hash
4efe93bd780474540b29c662acef4d68
2d588f15315c28feef52d101bff05d5a2071929d
e52983bbd04e43f83dccc17ccff1064098ae925ae651f753e59b1530a0e4d733

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 76813
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-12c0d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
26 kB (25819 bytes)
Hash
f7637fd9fb8b0dd130560efe9dfcc5ac
c6a6b30f73923175a88fb0c5685c7943ef934c2e
a647abf9fc56228cf6ab783115c113b35479dce89ff1dc4db61efb0bf3234cb4

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 25819
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-64db"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20462 bytes)
Hash
86f136869bc81df2a646e873bd23b46d
c40c25bbe820c39731d1c679653b28e119cbbadc
bfebb7307f1858837e6b61be64e46352b1ccd29bf982e9975886c9feda9f637f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 20462
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:46:55 GMT
ETag: "63dc759f-4fee"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=2432034e89a7edde8177cc52ad5a817b&wsTime=1696340071

103.198.200.1

200 OK

8.6 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=2432034e89a7edde8177cc52ad5a817b&wsTime=1696340071
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 140 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
8.6 kB (8612 bytes)
Hash
e9b65c8ad826f51a6e0d8b30801ebe97
a6b5f8cf0772e12117fe5db956482ed8f15140d5
2a2c01d75b9b60e977fb5a8e535fc8ea4e9146bb499e2af25ccf1bd5ebaaf840

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=2432034e89a7edde8177cc52ad5a817b&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8612
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6357bac2-21a4"
Date: Thu, 28 Sep 2023 08:06:27 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sat, 28 Oct 2023 08:06:27 GMT
Age: 451686
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: d184167c15e08a409f4526d68cf1bcb7

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
21 kB (20993 bytes)
Hash
07db342d71e455736e0e8b5656ed7174
2d9bb7427a73a28f4bfec2a70dc227af4555968c
c1a35508763b061947ad0ea9eb9972b92b079c9510a2a746979dbffd84efde0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 20993
Connection: keep-alive
Last-Modified: Wed, 30 Mar 2022 02:50:04 GMT
ETag: "6243c55c-5201"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21953 bytes)
Hash
12f4870c1a8e51e39a6c8bfdd11ed804
47eb5ed8af8ae69595b8743e7a61d3fe825cc048
1f6c135cc810d561e52ad5ba9ca5cfda82897c82db0863ab366e62d5970b3883

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 21953
Connection: keep-alive
Last-Modified: Thu, 23 Dec 2021 07:42:29 GMT
ETag: "61c42865-55c1"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
26 kB (26179 bytes)
Hash
1ac91d4dfd52f26f9c5682cf67ac3f49
6ca58050b81ce1be80d3b0c749b60a79d8413b98
021c28d7d369afa39f3aeac128f91dd3f377fc910a35d76a2e9d2463093e3b44

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 26179
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:55:46 GMT
ETag: "62665402-6643"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
21 kB (21363 bytes)
Hash
d73cf218f18362d0a89cb36a4a3303ff
57bf03bb562ca33343b19db1fe5e872335cc1cb2
691d5caeb173c0c0817111fea711d2685d1e0e4e7e19f6aa7282fc525193f40c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 21363
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 05:28:08 GMT
ETag: "6205f3e8-5373"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png

43.198.190.53

200 OK

102 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
102 kB (102160 bytes)
Hash
18b9c1ca12b579e3be9de7f0b3d765b7
cabb9ddce1222608668401769754241d2667ac59
81b7527eda1e9db86dc9704173b4e9aa50932eb8c80ea08b23d969899bca9656

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 102160
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-18f10"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20254 bytes)
Hash
45d0f5934f7f664e4fb397fbe69c0bec
72a5c4e823954ec0111709b6aec71c1f0b08fe43
3e9fedb5bbb6caac2dfc16278ba5d0c26483aa3efb5508374eeec9de7b9f9cd4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 20254
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4f1e"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png

43.198.190.53

200 OK

105 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
105 kB (105068 bytes)
Hash
c421c976cf701cd806a7ebeb8575e0a3
cb84123cde62bcad60f34b5a5703f7bfafca1906
e797e57325c453e7ca7e56e634ada214b51ab9298ba5aea4d183fea859857d60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:34 GMT
Content-Type: image/png
Content-Length: 105068
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-19a6c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:34 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23021 bytes)
Hash
20cd47483388f1e46ed9c2304f2c60ea
1c09b695620a64ae94ba7807a41e95733c6211f9
8f091a2a4dd3a918c15d7692aeb343f3d8e8d673541411e74256a48865735448

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 23021
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-59ed"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21502 bytes)
Hash
548f74b6fbacfdafac2d13982ea01f5b
62056e33bd99fdb7a26ed1eb6e0d34baae75ab4b
8d23af5f64406af80c5f00bbe2806c0a696eee1b9fa144135a679cf7d15c27a9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 21502
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-53fe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
26 kB (26500 bytes)
Hash
dc21406f53974241a6ea9d1ba342a0a3
d98181158619aa5993f35dc4821c26ea657c9c35
656f550c68b469776ebe40713d8556d43af391da6cc881918da5f6c983ba823f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 26500
Connection: keep-alive
Last-Modified: Tue, 30 Nov 2021 08:28:44 GMT
ETag: "61a5e0bc-6784"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
21 kB (21009 bytes)
Hash
a03861df13ee208fcb22c604bc412484
9d5925012e3eb16bb86bbe0b0febd3941847172d
a9a4c50c7e2f04fcfdf467f4b3a6697a2a359c84000b8e38c1b5e3ab3115ab8d

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 21009
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5211"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20172 bytes)
Hash
37070ea9397e4c9bfa4c6fa5e499de59
fd2237d48600d3a6acba5c8982c1d594962418d4
f3d50d3f597d6a23e42d069971e80a14851d7c996bbce674ed591c6e87b64bda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 20172
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4ecc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (19766 bytes)
Hash
a678f783e25a467193ee4fa0252d5bf4
ffadbf4388ce2dc312c720e75f9b9d73c05e93cd
1421dad09cedb4c186e8b4ac1cc027955d52a9d268b29144d3d8f0d60d5ed075

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 19766
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4d36"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20484 bytes)
Hash
7facd57d474585a0c9e3b2b6d4762969
814362f72beba19c7dfb93b8d2bc760f87a2a00e
3bf01b8e569dbd7060d7dcb2222e7e3ebc9e42f715535df2315c877fed9046bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 20484
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5004"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png

43.198.190.53

404 Not Found

150 B

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
150 B (150 bytes)
Hash
597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23076 bytes)
Hash
2ae6a25328f92bbd4f06bf83f0d64a34
a182c94addc49f545829566f4f87e7cdf5a2b16a
92d81aa551c89d28170300c1d6ae6e5795e33ac101988de54570fae720fa15c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 23076
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 01:55:35 GMT
ETag: "64619117-5a24"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png

43.198.190.53

200 OK

24 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
24 kB (23806 bytes)
Hash
d7c26fb9503ab2caf040730495a59f32
06f8414b2709fac132dd2b3071843a86ab745b51
8d437af3cea1d4efc2bf19c763c17c3487f9a76db3a287a975a18f90dffea630

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 23806
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cfe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21877 bytes)
Hash
feaff8384a2780bf50a660b657928245
eb492cee9a7d13b8114aa1c75c6db75742d7ef4a
ec33d957ba07daa21a098bc096b1c643ae64420e1924f0691b6b75fd4e8707f2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 21877
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5575"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20434 bytes)
Hash
7769f6a35df5811fbe7fa97b2aea9a1c
2875a7cfef0a8a296374aba27f95a8a8d79b8acf
855a9b3bb8c24ca1ed6cbf42331ff6a243e03b1452d8c2d371df11d861f8712b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 20434
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4fd2"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png

43.198.190.53

200 OK

102 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced\012- data
Size
102 kB (102258 bytes)
Hash
8d9aba5a434311f951ac04421c7dc771
9e269ef70b1c650a4177aa6ca8f9b5c8d400be42
282aee25e5c5e665f12f0593297c59ef00dfcbb88b210b4bc9466ab4d0e14bea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:35 GMT
Content-Type: image/png
Content-Length: 102258
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-18f72"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:35 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
26 kB (25785 bytes)
Hash
51de7c3b3b21d10f38a0c30ac5e4fd24
106f9a993385ff522dad2b37dbdb3c58f035ac20
9240329d37bd41d53a4f2864a255b9f9aef025474f2965130ed5668f10ee311e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:36 GMT
Content-Type: image/png
Content-Length: 25785
Connection: keep-alive
Last-Modified: Fri, 07 Apr 2023 02:35:05 GMT
ETag: "642f8159-64b9"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:36 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21850 bytes)
Hash
2acb631ee46633c2bb57645aa0062b24
7ebc60e9519805119574b600d0400278fb02ea7f
c026010b4e9ba86b7dd1670e242e42a1e4fec0547b7fecc3b37feddd0c21d46b

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Oct 2023 13:34:36 GMT
Content-Type: image/png
Content-Length: 21850
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-555a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 04 Oct 2023 13:34:36 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png

43.198.190.53

404 Not Found

150 B

URL GET HTTP/1.1
3659vip6.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerLet's Encrypt
Subject3659vip6.com
Fingerprint0A:87:4F:14:C3:10:2A:06:6E:19:04:99:A1:38:A0:CD:46:81:DB:53
ValidityWed, 06 Sep 2023 15:16:47 GMT - Tue, 05 Dec 2023 15:16:46 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
150 B (150 bytes)
Hash
597ba0d4396e9c906225140ce907092c
28ae2ba65ccdb583d79f85b8cc9509fae697493b
ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png HTTP/1.1
Host: 3659vip6.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 03 Oct 2023 13:34:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN

3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=afea3b03a07fa34659dda3cf6c01713e&wsTime=1696340071

104.250.33.35

200 OK

4.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=afea3b03a07fa34659dda3cf6c01713e&wsTime=1696340071
IP
104.250.33.35:443
ASN
#137280 Kingsoft cloud corporation limited

Requested by
https://3659vip6.com:8989/
Certificate
IssuerSectigo Limited
Subject*.gaokejd.xyz
FingerprintBF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
ValidityTue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced\012- data
Size
4.7 kB (4704 bytes)
Hash
834417d344a1bd995c78df66fe45edbd
79a5cd12dc1bf06043f38349e6dd492e58144a01
736b8041b08f7ec7a5f5a8e8d4d857dc58f1f03d4e2b6f738a2f1c9ae3892bbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/images/favicon/favicon_141.png?wsSecret=afea3b03a07fa34659dda3cf6c01713e&wsTime=1696340071 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6311d300-1260"
Date: Thu, 28 Sep 2023 08:10:46 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Sat, 28 Oct 2023 08:10:46 GMT
Age: 451430
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 247ce0c3622aee725173ea07695874ff

786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B

75.2.42.240

200 OK

14 kB

URL GET HTTP/2
786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B
IP
75.2.42.240:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type

Size
14 kB (13465 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000B173E4B HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:34:34 GMT
content-type: text/json
server: nginx
access-control-allow-origin: *
cache-control: max-age=31536000
arrserver: chatserver2
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2

786ad.239tgaaagf.com/visitor.ashx?siteId=65000584

75.2.42.240

200 OK

1.4 kB

URL POST HTTP/2
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP
75.2.42.240:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1460), with no line terminators
Size
1.4 kB (1388 bytes)
Hash
0486cf13509e86e357aaf2754969b5ae
e4dc7a5e19ce8a2ad7765a7ed749ec8e3784de17
935d9a9847c530ae10ff550a45ff39b02a05df4c6f8c86612ae6b774f3b448bb

HTTP Headers

POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1339
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:34:34 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://3659vip6.com:8989
set-cookie: visitorGuid_65000584=0dd49816-4953-4b4d-b444-1050a2dbe52f; expires=Mon, 03 Feb 3023 13:34:34 GMT; path=/; secure; samesite=none
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2

786ad.239tgaaagf.com/visitor.ashx?siteId=65000584

75.2.42.240

200 OK

1.3 kB

URL POST HTTP/2
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP
75.2.42.240:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1405), with no line terminators
Size
1.3 kB (1271 bytes)
Hash
07aec707a9be30fd34d401b0980c1053
52bc9d27748972e500b931f87fe131a320ed3d96
dc29cc96fb32ffa7aeb5dcb290da778d4d253d04abc42e8f11ab98ad403399d2

HTTP Headers

POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 69
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:34:34 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://3659vip6.com:8989
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2

vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js

143.204.55.81

200 OK

74 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/vendor.23e85dcd.js
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
ValidityTue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT

File type

Size
74 kB (73933 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /visitorside/js/vendor.23e85dcd.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:20:19 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d3-120cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CAT88NTPFvlP6ka6TxDqRFhfPEQ9ACoeMN9z_bSpNF0tbFEWsGBtKA==
age: 40452
X-Firefox-Spdy: h2

vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js

143.204.55.81

200 OK

542 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/bundle.43270ed0.js
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
ValidityTue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT

File type

Size
542 kB (541868 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /visitorside/js/bundle.43270ed0.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:22:30 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d2-844ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OCjtBqKJfbHP5TJYOF3Hng9oYY7jQHUcTsD34Pc9tsOZKU796MD37g==
age: 40322
X-Firefox-Spdy: h2

vue.livehelp100service.com/livechat.ashx?siteId=65000584

143.204.55.81

200 OK

1.9 kB

URL GET HTTP/2
vue.livehelp100service.com/livechat.ashx?siteId=65000584
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
ValidityTue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2045), with no line terminators
Size
1.9 kB (1855 bytes)
Hash
5b633e2af4f4d8d5d24a6cf843c0cafd
df50fd4c9cd113b803384174d0f738a8b6be400b
a8313f20124cadd528d8d5320f34695304ead51490241ae87595a5afbd9aaafb

HTTP Headers

GET /livechat.ashx?siteId=65000584 HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
date: Tue, 03 Oct 2023 02:30:45 GMT
server: Kestrel
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xRIdkPMWsH40OzJaNNVl-cDo3lKa2yPRW7nVznxm3Ca2oVsDYJZ4xg==
age: 39825
X-Firefox-Spdy: h2

vue.livehelp100service.com/visitorside/js/common.80370cb8.js

143.204.55.81

200 OK

67 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/common.80370cb8.js
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
ValidityTue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT

File type

Size
67 kB (66676 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /visitorside/js/common.80370cb8.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://3659vip6.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:20:18 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:35 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d3-10474"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3_g86zdrDLRdnN3g0YYwBx69aY8l3ZtOUqmlO_vGC-tNoH97siIvPw==
age: 40453
X-Firefox-Spdy: h2

vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js

143.204.55.81

200 OK

9.7 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/Button.fa84d0c8.js
IP
143.204.55.81:443
ASN
#16509 AMAZON-02

Requested by
https://3659vip6.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint64:45:EC:14:03:13:80:70:27:C3:0D:CA:0D:28:F6:FA:05:0E:D3:D0
ValidityTue, 15 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9846), with no line terminators
Size
9.7 kB (9677 bytes)
Hash
f4b75a65708568ed20cb1c0c5ff526b5
fcc8b2cc155327433213703a0b3ce4a564b2dd45
95e6c40191a50b016b493df94625397c9766dccc6ae7b5b0d5e051663916a61b

HTTP Headers

GET /visitorside/js/Button.fa84d0c8.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3659vip6.com:8989
DNT: 1
Connection: keep-alive
Referer: https://vue.livehelp100service.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 03 Oct 2023 02:21:03 GMT
server: nginx/1.22.1
last-modified: Wed, 20 Sep 2023 11:00:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"650ad0d2-25cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VQTpLgra8QENnzM-Ooul--fe0smqbMO1iM3doYS4n-xQgJvpoLTEgw==
age: 40412
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (49)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by