Report - www.bet988n.com/

Report Overview

Submitted URL
www.bet988n.com/
IP
103.116.132.7
ASN
#133448 Korea
Submitted
2024-04-25 03:37:48
Access
public
Website Title
welcome-bet365
Final URL
www.bet988n.com/home
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
170

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.bet988n.com	unknown	2021-04-15	2021-04-15	2023-07-25	18 kB	2.0 MB	103.116.132.7
xss-1.oigngns6zvx3.com	unknown	2022-09-03	2023-09-02	2024-04-17	2.3 kB	1.3 MB	20.255.26.14
xss-n1.q11heb456yjr435trtyjg234f.com	unknown	2023-09-05	2024-04-10	2024-04-17	479 B	668 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365
2024-03-15	medium	www.bet988n.com/	Bet365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	bet988n.com	Sinkholed
2024-04-25	medium	q11heb456yjr435trtyjg234f.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	www.bet988n.com/js/chunk-common.cd5c75c7.js	67 kB	2024-03-15	2024-04-30
Pretty URL www.bet988n.com/js/chunk-common.cd5c75c7.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 16:48:41 Last Seen2024-04-30 20:11:01 Times Seen54 Hash 84105330b1c5d7b38de9b17254ede531 2b1c3d2b1d0213989f18303da668cfcc27b99fe4 117569e6233102c3525ddf518f10b5c9abb6ca5968e894147a543c9857249a31 Loading...

	www.bet988n.com/js/88495.59166de1.js	10 kB	2023-09-22	2024-04-30
Pretty URL www.bet988n.com/js/88495.59166de1.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 01:49:40 Last Seen2024-04-30 07:48:12 Times Seen347 Hash 411411116054a70076fc13c17ed4106f 47914cbe8df6fa96044428d756be975db9dbf8b7 4201e7ef0e008277d04b557ee22d26529d309eb05236d60b3fccc0020961ef0d Loading...

	www.bet988n.com/js/index.fef83566.js	2.9 MB	2024-03-15	2024-04-30
Pretty URL www.bet988n.com/js/index.fef83566.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 16:48:41 Last Seen2024-04-30 07:48:11 Times Seen28 Hash 2ab4311b89b9351e8e679c7949c5eedb 7ea31206927ad9b0e61ee2c44a0243dfd1e72d15 5c387503a17599715bd11f72062116d459c511fdee7c09795f5287fb4678f20d Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/js/chunk-vendors.2dca9ac0.js	1.3 MB	2023-12-16	2024-04-30
Pretty URL www.bet988n.com/js/chunk-vendors.2dca9ac0.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-16 14:58:39 Last Seen2024-04-30 20:11:00 Times Seen95 Hash 99c8d8de226591bbaf0c6938d9f0d623 fca48da4c3bb60b5d95ef288c8121b9a2f7dc07c 39eeb64a6f2cb89f0914b73ae628e7b803b4269d89521442ca65846fbd3fe263 Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/	0 B	2023-03-07	2024-05-04
Pretty URL www.bet988n.com/ IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 10:25:20 Times Seen37333632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.bet988n.com/theme.config.f74d12ca.js	70 kB	2024-03-20	2024-04-30
Pretty URL www.bet988n.com/theme.config.f74d12ca.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-20 05:40:16 Last Seen2024-04-30 20:11:00 Times Seen20 Hash 3c4ad6c54d3bad7870c788343967c872 0d5863b1c3c30c574c3d3f03484d9ffa99a0e3f0 6deec430370cd2a9ccd752f25e92e804ebdae3bed6427dedc802775e4f31167b Loading...

	www.bet988n.com/js/home.0dccd467.js	21 kB	2024-03-15	2024-04-30
Pretty URL www.bet988n.com/js/home.0dccd467.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 16:48:40 Last Seen2024-04-30 07:48:11 Times Seen34 Hash 6d8c4e3f36878517ceb19550f6930653 f0257d30af1d92ba02d6ce0fe8259c58876cb589 4c2d211686886fce92094c5bc1d2ea162ea263435c596374fac00f44152ab4dc Loading...

	www.bet988n.com/js/70264.19320668.js	266 kB	2024-03-15	2024-04-30
Pretty URL www.bet988n.com/js/70264.19320668.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-15 16:48:41 Last Seen2024-04-30 07:48:11 Times Seen34 Hash 0291f7a28b057483c685838b5128ab1f d1591ea2b1da3025596570130205ef81a7b45fc3 21810ce1938a70edc53b57669aac94461827baec7ec3c7580392177191ad7ce6 Loading...

	www.bet988n.com/config/initGeetest4.js	15 kB	2023-12-16	2024-04-30
Pretty URL www.bet988n.com/config/initGeetest4.js IP 103.116.132.7 ASN #133448 Korea Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-16 04:09:07 Last Seen2024-04-30 20:11:00 Times Seen103 Hash 4b773fe272ef2f3dc7c7e443cd8a0e98 8f81f38f03c362533ba34d119215bf83b7574ed1 9bb8b869af3ceacb9261dc2cb9165d2716b150bc35ba9da63dd23674fe0773b0 Loading...

HTTP Transactions (49)

URL IP Response Size

www.bet988n.com/

103.116.132.7

3.1 kB

URL User Request GET
www.bet988n.com/
IP
103.116.132.7:0
ASN
#133448 Korea

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1502)
Size
3.1 kB (3112 bytes)
Hash
16e72de3d76d07db0a9be1a31f006cad
a5de926f33d06b64eb945d63d95a92dab47a2f7f
3b55121e0446269215911f3f3e9851984d805be41753d9d11148cba957aed92b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/config/initGeetest4.js

103.116.132.7

200 OK

4.6 kB

URL GET HTTP/1.1
www.bet988n.com/config/initGeetest4.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, Unicode text, UTF-8 text
Size
4.6 kB (4584 bytes)
Hash
4b773fe272ef2f3dc7c7e443cd8a0e98
8f81f38f03c362533ba34d119215bf83b7574ed1
9bb8b869af3ceacb9261dc2cb9165d2716b150bc35ba9da63dd23674fe0773b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /config/initGeetest4.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-3a06"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/theme.config.f74d12ca.js

103.116.132.7

200 OK

13 kB

URL GET HTTP/1.1
www.bet988n.com/theme.config.f74d12ca.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (42210)
Size
13 kB (13138 bytes)
Hash
3c4ad6c54d3bad7870c788343967c872
0d5863b1c3c30c574c3d3f03484d9ffa99a0e3f0
6deec430370cd2a9ccd752f25e92e804ebdae3bed6427dedc802775e4f31167b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /theme.config.f74d12ca.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-10fab"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/css/index.c0bf09d2.css

103.116.132.7

200 OK

44 kB

URL GET HTTP/1.1
www.bet988n.com/css/index.c0bf09d2.css
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (43841 bytes)
Hash
5de1c1377ed05612bb994b61d9d3a51e
b3568537b7e8c473b5a7b849004c944f5cd8b030
4732f77a59f3592cfd74499c123e5e3508afe73270d47e2d9c3c42c584453027

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.c0bf09d2.css HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: text/css
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-1e5d5"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/css/chunk-vendors.3988e803.css

103.116.132.7

200 OK

57 kB

URL GET HTTP/1.1
www.bet988n.com/css/chunk-vendors.3988e803.css
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (57172 bytes)
Hash
ea6b99b1959c49331f60830e6afd1948
3bd835f074fedfeb9b48ac9d5484e06f4a55a088
e93ed24c95fa7fd3896c94fde44257b2cb32eb67736316f4e3d77283de9dd342

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-vendors.3988e803.css HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: text/css
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-4398b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/js/chunk-vendors.2dca9ac0.js

103.116.132.7

200 OK

394 kB

URL GET HTTP/1.1
www.bet988n.com/js/chunk-vendors.2dca9ac0.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
394 kB (393541 bytes)
Hash
99c8d8de226591bbaf0c6938d9f0d623
fca48da4c3bb60b5d95ef288c8121b9a2f7dc07c
39eeb64a6f2cb89f0914b73ae628e7b803b4269d89521442ca65846fbd3fe263

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.2dca9ac0.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-13c1e9"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/js/index.fef83566.js

103.116.132.7

200 OK

880 kB

URL GET HTTP/1.1
www.bet988n.com/js/index.fef83566.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64598), with no line terminators
Size
880 kB (880024 bytes)
Hash
2ab4311b89b9351e8e679c7949c5eedb
7ea31206927ad9b0e61ee2c44a0243dfd1e72d15
5c387503a17599715bd11f72062116d459c511fdee7c09795f5287fb4678f20d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.fef83566.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-2cb901"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/css/chunk-common.4fa19f9b.css

103.116.132.7

200 OK

2.2 kB

URL GET HTTP/1.1
www.bet988n.com/css/chunk-common.4fa19f9b.css
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
ASCII text, with very long lines (9557), with no line terminators
Size
2.2 kB (2208 bytes)
Hash
995b0aa100127e9fbd9a7e8e9483edbe
b88eda0d3acc4128a8993fd080214d703afe3766
7e87100cc4a78ba0950555507a80d77c54b663dceca7542fdaa734512d90cfa2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-common.4fa19f9b.css HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: text/css
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-2555"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/js/chunk-common.cd5c75c7.js

103.116.132.7

200 OK

22 kB

URL GET HTTP/1.1
www.bet988n.com/js/chunk-common.cd5c75c7.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (21831 bytes)
Hash
84105330b1c5d7b38de9b17254ede531
2b1c3d2b1d0213989f18303da668cfcc27b99fe4
117569e6233102c3525ddf518f10b5c9abb6ca5968e894147a543c9857249a31

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.cd5c75c7.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-1041b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/js/88495.59166de1.js

103.116.132.7

200 OK

3.4 kB

URL GET HTTP/1.1
www.bet988n.com/js/88495.59166de1.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, ASCII text, with very long lines (10181)
Size
3.4 kB (3369 bytes)
Hash
411411116054a70076fc13c17ed4106f
47914cbe8df6fa96044428d756be975db9dbf8b7
4201e7ef0e008277d04b557ee22d26529d309eb05236d60b3fccc0020961ef0d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88495.59166de1.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-2913"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/css/70264.21c900e0.css

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/css/70264.21c900e0.css
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
ASCII text, with very long lines (35541), with no line terminators
Size
12 kB (12364 bytes)
Hash
f5ff57a1ef461eecf4a8f2b5eb47f826
786102c75149953d5df3c2362fa3b3c3953b11f7
be3fd5df9d994d01cb0630d86f7e3434a9663264da346bf8a0fe46edf722a7b7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/70264.21c900e0.css HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: text/css
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-8ad5"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/css/home.30c8378d.css

103.116.132.7

200 OK

5.1 kB

URL GET HTTP/1.1
www.bet988n.com/css/home.30c8378d.css
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
ASCII text, with very long lines (16992), with no line terminators
Size
5.1 kB (5097 bytes)
Hash
49820786c2a011af30f35527eba5ab3b
0defd0cc987b0cb52590104d9b12b6858c736b14
61030359797749f96e8e8d6781706e7d958119b1108e831d2d127c0dbcc5e5be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/home.30c8378d.css HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: text/css
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-4260"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/js/home.0dccd467.js

103.116.132.7

200 OK

8.1 kB

URL GET HTTP/1.1
www.bet988n.com/js/home.0dccd467.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20115), with no line terminators
Size
8.1 kB (8102 bytes)
Hash
6d8c4e3f36878517ceb19550f6930653
f0257d30af1d92ba02d6ce0fe8259c58876cb589
4c2d211686886fce92094c5bc1d2ea162ea263435c596374fac00f44152ab4dc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/home.0dccd467.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-505b"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/assets/logo/favicon.ico

103.116.132.7

200 OK

24 kB

URL GET HTTP/1.1
www.bet988n.com/assets/logo/favicon.ico
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
24 kB (23600 bytes)
Hash
915b77b545b2f06d111b1668dec5b9ec
5b64c1aa42b2a5c05a2b2a8e70bb2ea8f7938d9a
b8ae08911816fb9ab6348d3ee9b27a7f772ec47e5b6c61440fba815b85779f94

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/logo/favicon.ico HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:24 GMT
Content-Type: image/x-icon
Content-Length: 23600
Last-Modified: Sat, 10 Feb 2024 15:31:13 GMT
Connection: keep-alive
ETag: "65c796c1-5c30"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

www.bet988n.com/assets/logo/favicon.ico

103.116.132.7

200 OK

24 kB

URL GET HTTP/1.1
www.bet988n.com/assets/logo/favicon.ico
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
24 kB (23600 bytes)
Hash
915b77b545b2f06d111b1668dec5b9ec
5b64c1aa42b2a5c05a2b2a8e70bb2ea8f7938d9a
b8ae08911816fb9ab6348d3ee9b27a7f772ec47e5b6c61440fba815b85779f94

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/logo/favicon.ico HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:24 GMT
Content-Type: image/x-icon
Content-Length: 23600
Last-Modified: Sat, 10 Feb 2024 15:31:13 GMT
Connection: keep-alive
ETag: "65c796c1-5c30"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

www.bet988n.com/js/70264.19320668.js

103.116.132.7

200 OK

176 kB

URL GET HTTP/1.1
www.bet988n.com/js/70264.19320668.js
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64990), with no line terminators
Size
176 kB (176322 bytes)
Hash
0291f7a28b057483c685838b5128ab1f
d1591ea2b1da3025596570130205ef81a7b45fc3
21810ce1938a70edc53b57669aac94461827baec7ec3c7580392177191ad7ce6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/70264.19320668.js HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:23 GMT
Content-Type: application/javascript
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-41017"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/kc180-1/logo/logo.png.png?1710398585352

103.116.132.7

200 OK

18 kB

URL GET HTTP/1.1
www.bet988n.com/kc180-1/logo/logo.png.png?1710398585352
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced
Size
18 kB (18228 bytes)
Hash
e7cb5ee9f30672a53b2f7495d4e42630
a8203b11ccc37efcf91857b79be90ef8cbba66ba
288f049894425abb4adcf32e8a08fce507ce91f76a41ed8a80ea118712814bc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /kc180-1/logo/logo.png.png?1710398585352 HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 13 Jul 2023 03:56:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64af75da-47d2"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/game01.85b388dd.png

103.116.132.7

200 OK

30 kB

URL GET HTTP/1.1
www.bet988n.com/img/game01.85b388dd.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], baseline, precision 8, 270x81, components 3
Size
30 kB (30191 bytes)
Hash
abf180088cd18dbb8b8a87e947aa4285
b511424b6a88d4faf129e526340ac617caaeb11a
b136864ffef1cf1bca9a4106031e7f247fb62bb717db1a495c96c7d8b5b77da3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/game01.85b388dd.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-9967"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/game03.212a12ef.png

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/img/game03.212a12ef.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3
Size
12 kB (11854 bytes)
Hash
ed93aae29ca896964a86103b00f80f99
1880c553dc77b4effbb5d28ad72f93de1e550ec5
496f6b90ab41e0578054f60089032a0483247165dce969a83d70f4842496608a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/game03.212a12ef.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-2e92"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/game02.4289a415.png

103.116.132.7

200 OK

24 kB

URL GET HTTP/1.1
www.bet988n.com/img/game02.4289a415.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=81, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=271], progressive, precision 8, 270x81, components 3
Size
24 kB (24468 bytes)
Hash
3952e090ab928f5bc36747b275645f3c
37d155d25da1ece2eaa2adc5de9bccb2a524985b
dbddab3a290b16fc7b43e0a1093ffdec6a2ff91c104f9eff21df181a5336118c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/game02.4289a415.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d36-7d87"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-l-2.f6c6cbaf.png

103.116.132.7

200 OK

13 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-l-2.f6c6cbaf.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
13 kB (12864 bytes)
Hash
75441b34f2b090890fb8271d36703609
9e2ecd7b86efc2ec2dd1a899344d7bb2e0a733f3
04fe7cf05d017591f89db653cd7b0326f1c4d81d578529c50791343d460169f1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-l-2.f6c6cbaf.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-3323"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-l-3.5d2e2162.png

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-l-3.5d2e2162.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12348 bytes)
Hash
2d59ff3b03c35665687729fb98ed5478
c4c4b17fbfb5849c5c95f063b87b6bf322a1b5ea
32f2a358d3f2a798ddf394ac652c3998349c366dd467df5234071c0548398770

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-l-3.5d2e2162.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-3120"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-l-4.d79bc746.png

103.116.132.7

200 OK

14 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-l-4.d79bc746.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 70, 8-bit/color RGB, non-interlaced
Size
14 kB (13927 bytes)
Hash
408a47dbec9333221ee9937cf6513a0c
b87f2425f70c7d0f8af2c41a0d3db5b4ef96a146
a359740e674cfee1c6697c6cf4b6e1cc86de89d856d5601652aa5ce7c4b48203

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-l-4.d79bc746.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-374d"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-l-1.d6e3a425.png

103.116.132.7

200 OK

9.2 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-l-1.d6e3a425.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 51, 8-bit/color RGB, non-interlaced
Size
9.2 kB (9204 bytes)
Hash
f3427cdef3e73f6a410bb3caaa15e5bf
87aee39268e60a3f9bef90e3629213e00c4ca3b1
9c8946d53d9bd3e9057491cc4e9ec38d1e0c06a15a8d350f9ee15738afc45b19

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-l-1.d6e3a425.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-24d3"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/float_left_contact.5e628ff1.png

103.116.132.7

200 OK

14 kB

URL GET HTTP/1.1
www.bet988n.com/img/float_left_contact.5e628ff1.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced
Size
14 kB (13812 bytes)
Hash
a9bc5bbecc55ef7980fc3cfd6c338657
7bddde2e742e74809dd2462c9e12f5748f4f22e6
968753c19b6dcbfd000fdfc85ab7a54aea63164a51f993583683e7eb6ec7a82b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/float_left_contact.5e628ff1.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-36c1"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/config/system

103.116.132.7

200 OK

1.0 kB

URL GET HTTP/1.1
www.bet988n.com/api/config/system
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
1.0 kB (1021 bytes)
Hash
10ffef0bac6e5a9c6575d53d418fa606
86aae387de0d871d93e2111aa4533e80674ecc19
db9e8ed59913dd9bcbc259a0ff98ff2c56ce7144ff238ac048870903e8aba2ce

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/config/system HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: dJrlww43hhFeE3oKigaYxHkgf7dKyH2NJeMr3ZMMrHV5Wj66dx44bVTdyn32mpI6d3ant45KcmACHmG1vrpzK5Jm/Y0NsQS4IGW05aHdPL4UR9zWGQ8ebw0CkGYVUbqeR0Co8DC7sBhnAVwikbMf8hO+Y44e9SAEgidwItcSQwU=
timestamp: 1714016245154
sign: 3s773848536q5f5p
version: 5.2.3.0
client_type: web
device_id: daaFE82yeA7berpW2Wyh5SfMijn7AGQk
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 0fda96a471d74c9babe55ed83d1e3849
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/activity/list?type=0&isPopup=1&username=

103.116.132.7

200 OK

80 B

URL GET HTTP/1.1
www.bet988n.com/api/activity/list?type=0&isPopup=1&username=
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
80 B (80 bytes)
Hash
bcd62ace8bee92d3efa75b2933265bc5
ce02ddc64e6e448ce3f53c63966d6eded4d0ca7e
c02718684fae008119f05350491f52ae41ef8d6dfee47e713d913858b3477ae1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/activity/list?type=0&isPopup=1&username= HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: fZ9tx97WbwcbFeiHxudiE3JnE8o9JvHs/j15Lope+1QB048XqLpvxaaOUayU8rB06eWDnYpg0WLGeS6e5IndhQgfjTUiUc1lhS0kBATRusmUazNwsRi1FDabeCBJmw5soseoIc0/duNcpcN2A1TeQnByFI//NkIJc95q+pKmk5A=
timestamp: 1714016245155
sign: 487t2g1q25733o14
version: 5.2.3.0
client_type: web
device_id: mAx65iaR2NBncRBiE5XCdTHp7C8fiMi2
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 6bae88e9358f40e188290d0909b640b1
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/user/popMessage/bulletinList?position=5

103.116.132.7

200 OK

893 B

URL GET HTTP/1.1
www.bet988n.com/api/user/popMessage/bulletinList?position=5
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
893 B (893 bytes)
Hash
375212ae24d28dc630b9d18fee95eac0
d2c17c7c9f7e9e98d425dc2dcf53bd41e80414bc
f16de22094ade59cc44e4f871fbfdc5dac2e92067ca273ee3ebaca7bfaefac73

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/user/popMessage/bulletinList?position=5 HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: GbQbhfyZ5JzsJmBVzk/DeSWKVq8G+tmVeoNg5TRHoW9UAdp5yoe7DwjMbfFl9k9bep4PxugAxnxEyr7zZyOzFeASgEoR7V4bAIlMOOezUnYd28SUt9vxMEbDTo4FAQap9cbh8vaRA6lPgNqjCLaKGQCrbAUHTfRqB3A29ZOMkN4=
timestamp: 1714016245155
sign: 7436jv5t4e285815
version: 5.2.3.0
client_type: web
device_id: DC48jj3zeF5sEcthcQ7tX2CxcPRWhAcn
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 6329e41d6c1b4793b5b1648c0a8197a3
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/user/popMessage/bulletinList?position=5

103.116.132.7

200 OK

893 B

URL GET HTTP/1.1
www.bet988n.com/api/user/popMessage/bulletinList?position=5
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
893 B (893 bytes)
Hash
375212ae24d28dc630b9d18fee95eac0
d2c17c7c9f7e9e98d425dc2dcf53bd41e80414bc
f16de22094ade59cc44e4f871fbfdc5dac2e92067ca273ee3ebaca7bfaefac73

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/user/popMessage/bulletinList?position=5 HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: gr6K3rWrfHdc//RjUhmb1rlGzzPrJM+2hMDjxkzBG2Y+H/fyrMj6yl4KKCOQ6k/KAEBX/ogGXCVQNSchdutTMgl4dKXzIIgIx+iyeKaFCR+IIltE0vbkKwQx3PGVR8713faIk8AvROoI70NEOZYKvlRvZ5/1bQfanUsvQsWPf9w=
timestamp: 1714016245155
sign: 93hj5i6c3i577v3s
version: 5.2.3.0
client_type: web
device_id: ZpfQ2WiztFyB6YbXGxztHzdwbrdbJmHE
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: cfe241a6ebaa41acbd727bea5d263c55
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/tenant/float/list

103.116.132.7

200 OK

685 B

URL GET HTTP/1.1
www.bet988n.com/api/tenant/float/list
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
685 B (685 bytes)
Hash
279d2209dce72f1dfc319f69c81378e8
6e113615f16cb879c477a6236290465efb289c69
387932886075cb6d64d19c7d6a0d7fec622a4f1544f49f8094473e4683dbb660

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/tenant/float/list HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: lq5AQ/ktedNfRKH0Lz7OZbjNHS7IQyknd2bphhcnIedsnt5AEDo5+oZ1R73fuGKmGhRCajSAMjxV+1KydkDq9j6Zt/rDNX9sQ4HZvPVKaNqO8CSNZNKr5tolft+vF8smAJ6GYDBMPdT7uD7BdoDRISFvDurXNqbNeLjoHwgIOnw=
timestamp: 1714016245155
sign: lg1i3s2o536g2g1c
version: 5.2.3.0
client_type: web
device_id: NHxA5xAaGcJpHCckEAZWwf57es2kkYAe
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 6871ab4f19c24bfa9850e760fd1d824e
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/game/i18/gameBarNew?modeCode=nav_game_home

103.116.132.7

200 OK

5.2 kB

URL GET HTTP/1.1
www.bet988n.com/api/game/i18/gameBarNew?modeCode=nav_game_home
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
5.2 kB (5184 bytes)
Hash
e66dbdfa6fc33bc330309c1664359c12
d7b04a0dbd6bbea0c2a3ada0e9a3f5b2f30873b7
2a0e3bb105dad0ccaed368d729b2d342fbb863b69a52a68d9ea6a53feac90f54

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/game/i18/gameBarNew?modeCode=nav_game_home HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: eNmXEBlBA1R5VvtbkmrRENAXQUszZ24xh/p1TYQezGqrIDHR54sTmWIquZ0ECbHFv/ztwLm9KcB3EPjUf7LGcZidz8PeNqzgwaovdwls96Rq2wxelcjfMfGQfmU2QgxyuoybkarW16YIwHW9dFrfr1H6M1Fw/EtVUrDKxwdUkOg=
timestamp: 1714016245155
sign: n7l7j6m392t6un55
version: 5.2.3.0
client_type: web
device_id: 2j6zBnyakM4fG77mbcRRsRc4f74ZFmWR
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 9fdd66733fe746ef979f44f7bc47b707
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/banner/list

103.116.132.7

200 OK

601 B

URL GET HTTP/1.1
www.bet988n.com/api/banner/list
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
601 B (601 bytes)
Hash
63a8d7ddb1dc14d010541fa3da768bb1
28a9365290ff62ec924eca085f83d06739e3a07b
ea78e1f2158f580f7169bb792eb2ef7b24ee999230b0109ea905e9562f1d0d84

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/banner/list HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: GGnj9EqVu4aXs0uK/3pplsDQKOC6JNTOnMncORwc0Dba6cXPp4vabXzj/bXZ2fdAkHZcfTWrqXkXOfJ9oj+apWHitwEkFtHm/IBKADENa1dHYFt2tddoOTWfqRkTeQm/TquM2YyFEgd34HuBDZlUb9OleRCZUpgFQEZ5ZbL/xrk=
timestamp: 1714016245155
sign: q6hq2e4d5uj4812k
version: 5.2.3.0
client_type: web
device_id: ft3iPipbSMxj6rrKCXXyWiiAWYk5b3sH
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 0de1106513c94d74bea3e1948b5f3bf2
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/bg-products.e4ddcae4.png

103.116.132.7

200 OK

27 kB

URL GET HTTP/1.1
www.bet988n.com/img/bg-products.e4ddcae4.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 307 x 342, 8-bit/color RGBA, non-interlaced
Size
27 kB (27443 bytes)
Hash
e61aff410bd41a8256ee4de7d1e25db0
4debbd11000bd5796036eee1550f59d98ef1d3f0
7c3578ebab0ef95c73226e6e6089174946df4ac8cb33b01dc7a59501139bbd70

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bg-products.e4ddcae4.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.bet988n.com/css/home.30c8378d.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-6bcb"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdaobg.93df9aaf.png

103.116.132.7

200 OK

22 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdaobg.93df9aaf.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 175 x 369, 8-bit/color RGBA, interlaced
Size
22 kB (22261 bytes)
Hash
f27cb3aa610d5d073308ee4066a3a726
62504a85e14b7ec505899645378a9abf9f3f6954
0e2e11002eb67d3b6eec134eecfec90b787ed55a128b7e5adc159da22b2a252f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdaobg.93df9aaf.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.bet988n.com/css/index.c0bf09d2.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-5a0c"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/float_right_contact.d1892e60.png

103.116.132.7

200 OK

11 kB

URL GET HTTP/1.1
www.bet988n.com/img/float_right_contact.d1892e60.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 50 x 247, 8-bit/color RGBA, non-interlaced
Size
11 kB (11403 bytes)
Hash
d19d26603d7bc87f4ba30563933485fa
0c7b22b5556d0c46b38beca88746d56328c130a3
cb9ffb5ca1354d23da49d7a184c1ad12cce4013edb703bbf7e7c719484e0d82d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/float_right_contact.d1892e60.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-2eb9"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-r-1.c2e7696b.png

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-r-1.c2e7696b.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12068 bytes)
Hash
e2385d2a0d7c043e90ec1e1e3bf6a1e4
1be4ba4215520c1e884c27991984e185e2848283
c578480a5ddbede9c417bd3e3a85d752b13d61e4e8127e4d1868b708807b562e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-r-1.c2e7696b.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-3002"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-r-2.b22a9f38.png

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-r-2.b22a9f38.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12180 bytes)
Hash
b5c72992b0327b36f67ba1f1ddcc9709
4260a70304e373ad0c9dc8945459d132b5ebe38d
90fd92cbe288eeef841ebbb0760c2b041aee0196b4b9a1ad4d47cd3cb344a760

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-r-2.b22a9f38.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-3071"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/kc180-1/noData/cms_noimg.png?1710398585352

103.116.132.7

200 OK

3.9 kB

URL GET HTTP/1.1
www.bet988n.com/kc180-1/noData/cms_noimg.png?1710398585352
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 1920 x 700, 8-bit/color RGBA, non-interlaced
Size
3.9 kB (3910 bytes)
Hash
85e60fd8767b18839ffb552a5d543f8a
341cfd68a5b39cb246af6ade1e3171c857d2df5a
4b7ad68306ffac25830d1016ba86154890deef8bd77a03257b767b37de1c8338

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /kc180-1/noData/cms_noimg.png?1710398585352 HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:25 GMT
Content-Type: image/png
Last-Modified: Thu, 13 Jul 2023 03:56:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64af75da-269a"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/kc180-1/noData/cms_game_noimg.png?1710398585352

103.116.132.7

200 OK

3.6 kB

URL GET HTTP/1.1
www.bet988n.com/kc180-1/noData/cms_game_noimg.png?1710398585352
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 750 x 590, 8-bit/color RGBA, non-interlaced
Size
3.6 kB (3576 bytes)
Hash
84170735ffce6fe0e70a3136a36b8ef6
5b2dcf1d5d92d786f1e58dc65de3dab1f35d7278
581435520cde2b0026b4e7244a85b6eef0be740cb18c43690c420d1ec326d0b4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /kc180-1/noData/cms_game_noimg.png?1710398585352 HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:26 GMT
Content-Type: image/png
Last-Modified: Thu, 13 Jul 2023 03:56:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64af75da-1371"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/tenant/domain/list

103.116.132.7

200 OK

1.3 kB

URL GET HTTP/1.1
www.bet988n.com/api/tenant/domain/list
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
1.3 kB (1302 bytes)
Hash
adde44660a1694a2e72e113d1b62cf3b
afc6972a1477b312c1ed151d0d30eb39318d9f72
d740dc502fe4472f8855ff585e450d50cb2910658dcf3e8257e43c87a276b73a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/tenant/domain/list HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: oJrInxRRmNIYGLkqpp+SHFRyLpRuIxj9SSg80RuwxQBYKBW837B294OECFnXIaiwO+L7bzQy9/v7MixezAmRD+7dgiTuuD6q5P+Sq87qD00tWplhcZODgGVYKoHUTsKi6RcuS5Q1iFdfGUYojs67o0SbnjHk6fNtaE/9ENgx7sY=
timestamp: 1714016245968
sign: 1v3g752g6n3q3d5c
version: 5.2.3.0
client_type: web
device_id: ft3iPipbSMxj6rrKCXXyWiiAWYk5b3sH
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 9157787523c94b9db7356c561f2a685e
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-r-3.3d28973d.png

103.116.132.7

200 OK

12 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-r-3.3d28973d.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 57, 8-bit/color RGB, non-interlaced
Size
12 kB (12139 bytes)
Hash
98567b2a6024c4e690574cc2f4d8a91f
c75986b57ba3fd98791a1cee632184a2c5a99d0b
2eaddbbc263065a1ab9a7f46309cb8a2f39875a06aef11da4409203216c83834

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-r-3.3d28973d.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:26 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-304f"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/img/rdao-r-4.5d6173a4.png

103.116.132.7

200 OK

14 kB

URL GET HTTP/1.1
www.bet988n.com/img/rdao-r-4.5d6173a4.png
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
PNG image data, 147 x 53, 8-bit/color RGB, non-interlaced
Size
14 kB (14427 bytes)
Hash
113d3f2af50abaadad7df566c6c82d22
9ac7ddf5cd311e88709d29b3a69bf209c5ca1e51
a1a9bff1875165cafe5c41941486db0a6b12028b63e6738d1f79980cb2408caf

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rdao-r-4.5d6173a4.png HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:26 GMT
Content-Type: image/png
Last-Modified: Thu, 14 Mar 2024 06:46:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f29d35-3922"
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.bet988n.com/api/tenant/domain/list

103.116.132.7

200 OK

1.3 kB

URL GET HTTP/1.1
www.bet988n.com/api/tenant/domain/list
IP
103.116.132.7:80
ASN
#133448 Korea

Requested by
http://www.bet988n.com/

File type
JSON text data
Size
1.3 kB (1302 bytes)
Hash
adde44660a1694a2e72e113d1b62cf3b
afc6972a1477b312c1ed151d0d30eb39318d9f72
d740dc502fe4472f8855ff585e450d50cb2910658dcf3e8257e43c87a276b73a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/tenant/domain/list HTTP/1.1
Host: www.bet988n.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.bet988n.com/
Xign: LKdlmL/iOSoRYzD9BcpUKGQyD4jnqu87GSt8gxaOJJ2jtLghm7uFfqYESVTexz2npNyuHUY440B73/WDjt0PgStbtRu6NG8GKpEyXZ3vORbz4sI5KUX65bJcz9DiKeuUmgAMg1cc4hFPU7BIOOrk5z6bon7qKa1VrX+AC4IxhW8=
timestamp: 1714016246071
sign: 26h2q174b4bf3q28
version: 5.2.3.0
client_type: web
device_id: ft3iPipbSMxj6rrKCXXyWiiAWYk5b3sH
lang: zh-CN
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 03:37:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Protected-By: OpenRASP
X-XSS-Protection: 1; mode=block
X-Request-ID: 134f7c1f1c5a47e29559d61df8fa8d79
Pragma: no-cache
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Encoding: gzip

xss-1.oigngns6zvx3.com/gp180/b208fdd4-7d5f-4bb8-83b6-32535b5bcbb1.jpg

20.255.26.14

181 kB

URL GET
xss-1.oigngns6zvx3.com/gp180/b208fdd4-7d5f-4bb8-83b6-32535b5bcbb1.jpg
IP
20.255.26.14:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.bet988n.com/
Certificate
IssuerLet's Encrypt
Subjectxss-1.oigngns6zvx3.com
Fingerprint41:4E:B1:B4:64:5C:97:17:CF:8D:6A:87:4F:78:B8:40:79:6B:45:92
ValidityMon, 15 Apr 2024 06:17:05 GMT - Sun, 14 Jul 2024 06:17:04 GMT

File type
gzip compressed data, from Unix
Size
181 kB (181190 bytes)
Hash
a50dd939957b7dee5786412bdd04b6a4
114d1f4226ff37d916057fe0e84872682d293589
0eb15a1e5ad89c141dba0bd936b36f23ef8be2a957d416193d3446e53ae1824b

HTTP Headers

GET /gp180/b208fdd4-7d5f-4bb8-83b6-32535b5bcbb1.jpg HTTP/1.1
Host: xss-1.oigngns6zvx3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:37:27 GMT
content-type: image/png
etag: W/"1c7ea0cc0762a6ed12058668fe6e0d44"
last-modified: Thu, 24 Aug 2023 05:00:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-id-2: d9b602680ee2ed5df806be630bacf98432e6305614eb4f8377eb5d27a8dc0b35
x-amz-request-id: 17C8DD502DCEA6BE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
gp-cache-status: HIT
X-Firefox-Spdy: h2

xss-1.oigngns6zvx3.com/gp180/fe5960b2-c6f8-4333-a9c7-362c953f873c.jpg

20.255.26.14

856 kB

URL GET
xss-1.oigngns6zvx3.com/gp180/fe5960b2-c6f8-4333-a9c7-362c953f873c.jpg
IP
20.255.26.14:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.bet988n.com/
Certificate
IssuerLet's Encrypt
Subjectxss-1.oigngns6zvx3.com
Fingerprint41:4E:B1:B4:64:5C:97:17:CF:8D:6A:87:4F:78:B8:40:79:6B:45:92
ValidityMon, 15 Apr 2024 06:17:05 GMT - Sun, 14 Jul 2024 06:17:04 GMT

File type
gzip compressed data, from Unix
Size
856 kB (855696 bytes)
Hash
2f667e04a94fbb8a0c7cfbddd48a721d
9a24e5f886efed53e9deb258f0b4f7481e299946
6073f9ede55784ae31e9ba3dff2152e076da0036a55e6b3c480b028d233912a1

HTTP Headers

GET /gp180/fe5960b2-c6f8-4333-a9c7-362c953f873c.jpg HTTP/1.1
Host: xss-1.oigngns6zvx3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:37:27 GMT
content-type: image/png
etag: W/"83507112e9bd87e6421a48b878fa0f2d"
last-modified: Thu, 24 Aug 2023 05:00:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-id-2: 891cc6e2d9f1c35b2c12c8a4e476b4a5ca09deccda9e25248c850b9912710f3d
x-amz-request-id: 17C966EBD1905B48
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
gp-cache-status: HIT
X-Firefox-Spdy: h2

xss-1.oigngns6zvx3.com/gp180/58bfd945-22ef-48cf-b0d0-63ffc678dc10.jpg

20.255.26.14

231 kB

URL GET
xss-1.oigngns6zvx3.com/gp180/58bfd945-22ef-48cf-b0d0-63ffc678dc10.jpg
IP
20.255.26.14:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
http://www.bet988n.com/
Certificate
IssuerLet's Encrypt
Subjectxss-1.oigngns6zvx3.com
Fingerprint41:4E:B1:B4:64:5C:97:17:CF:8D:6A:87:4F:78:B8:40:79:6B:45:92
ValidityMon, 15 Apr 2024 06:17:05 GMT - Sun, 14 Jul 2024 06:17:04 GMT

File type
gzip compressed data, from Unix
Size
231 kB (230618 bytes)
Hash
97db67c19d35ed400b2dafb5bb0fe19a
d93a842b0cfe18226acc5f2e89d794ab67a9722b
caa3fc59704d6cecce9d21dd0eeb4ca172b5dd48eccf199462a68ded880d4246

HTTP Headers

GET /gp180/58bfd945-22ef-48cf-b0d0-63ffc678dc10.jpg HTTP/1.1
Host: xss-1.oigngns6zvx3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:37:27 GMT
content-type: image/jpeg
etag: W/"e9799154ca8e949f42cbcc16a9d761f2"
last-modified: Thu, 04 Jan 2024 07:44:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-id-2: 891cc6e2d9f1c35b2c12c8a4e476b4a5ca09deccda9e25248c850b9912710f3d
x-amz-request-id: 17C966EBD18C36B4
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
gp-cache-status: HIT
X-Firefox-Spdy: h2

xss-1.oigngns6zvx3.com/gp180/119e7061-da4f-4271-84cc-6386c342e54b.jpg

0.0.0.0

0 B

URL GET
xss-1.oigngns6zvx3.com/gp180/119e7061-da4f-4271-84cc-6386c342e54b.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.bet988n.com/
Certificate
IssuerLet's Encrypt
Subjectxss-1.oigngns6zvx3.com
Fingerprint41:4E:B1:B4:64:5C:97:17:CF:8D:6A:87:4F:78:B8:40:79:6B:45:92
ValidityMon, 15 Apr 2024 06:17:05 GMT - Sun, 14 Jul 2024 06:17:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gp180/119e7061-da4f-4271-84cc-6386c342e54b.jpg HTTP/1.1
Host: xss-1.oigngns6zvx3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:37:27 GMT
content-type: image/png
etag: W/"b9dc0a0bde5fbdd2520aa2ff83b52264"
last-modified: Thu, 24 Aug 2023 05:00:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-id-2: d9b602680ee2ed5df806be630bacf98432e6305614eb4f8377eb5d27a8dc0b35
x-amz-request-id: 17C966EBD17B80E6
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
gp-cache-status: HIT
X-Firefox-Spdy: h2

xss-1.oigngns6zvx3.com/gp180/59d2a54d-0d2a-425c-b2f2-a9fd8ff9e369.jpg

0.0.0.0

0 B

URL GET
xss-1.oigngns6zvx3.com/gp180/59d2a54d-0d2a-425c-b2f2-a9fd8ff9e369.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.bet988n.com/
Certificate
IssuerLet's Encrypt
Subjectxss-1.oigngns6zvx3.com
Fingerprint41:4E:B1:B4:64:5C:97:17:CF:8D:6A:87:4F:78:B8:40:79:6B:45:92
ValidityMon, 15 Apr 2024 06:17:05 GMT - Sun, 14 Jul 2024 06:17:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gp180/59d2a54d-0d2a-425c-b2f2-a9fd8ff9e369.jpg HTTP/1.1
Host: xss-1.oigngns6zvx3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 03:37:27 GMT
content-type: image/png
etag: W/"06287f2f8d2d97116012879c632978a7"
last-modified: Thu, 24 Aug 2023 05:00:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-id-2: d9b602680ee2ed5df806be630bacf98432e6305614eb4f8377eb5d27a8dc0b35
x-amz-request-id: 17C966EBD17EC583
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip
gp-cache-status: HIT
X-Firefox-Spdy: h2

xss-n1.q11heb456yjr435trtyjg234f.com/gp180/c8c033bb-2199-4c32-9c88-4bbcbc9fcd96.gif

0.0.0.0

0 B

URL GET
xss-n1.q11heb456yjr435trtyjg234f.com/gp180/c8c033bb-2199-4c32-9c88-4bbcbc9fcd96.gif
IP
0.0.0.0:0
ASN
#0

Requested by
http://www.bet988n.com/
Certificate
IssuerAmazon
Subjectxss-n1.q11heb456yjr435trtyjg234f.com
FingerprintED:36:81:2A:4A:79:2D:7B:EE:BA:D9:78:AB:73:41:9D:59:CC:30:62
ValidityMon, 01 Apr 2024 00:00:00 GMT - Wed, 30 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gp180/c8c033bb-2199-4c32-9c88-4bbcbc9fcd96.gif HTTP/1.1
Host: xss-n1.q11heb456yjr435trtyjg234f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bet988n.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
server: nginx
date: Thu, 25 Apr 2024 03:37:26 GMT
etag: W/"c2779bd16fdaf0596783964aff7999c8"
last-modified: Thu, 24 Aug 2023 05:08:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Thu, 25 Apr 2024 03:37:26 GMT
cache-control: max-age=0
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ovzppauy7G1TCmmbaKj250XF9vGGS6MaHJtMfsgwy9CUAYokvGZEfA==
vary: Accept-Encoding,Accept-Encoding, Origin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML