Report - 1111968.com/

Report Overview

Submitted URL
1111968.com/
IP
20.222.191.152
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-05-08 22:52:23
Access
public
Website Title
Welcome
Final URL
1111968.com/
Tags
bet365 gambling phishing
urlquery detections
Phishing - Bet365

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1111968.com	unknown	unknown	No data	No data	5.9 kB	533 kB	20.222.191.152
7ngdqc.lxhhf.com	unknown	2020-06-18	2023-12-06	2024-02-20	19 kB	1.5 MB	103.198.200.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (40)

	URL	Size	First Seen	Last Seen
	1111968.com/	29 B	2023-03-07	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 15:48:16 Times Seen1894 Hash 9846b4b0c961f85e4c150bd29f4b86e1 adf30369fc215e80b26536f1e24a1824ad3b81d5 163a003d567f6d41f861d978c558eced69ed2b25c863055ed8171eefa350784b Loading...

	1111968.com/	48 B	2023-03-07	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen6591 Hash 37f0336a6fe3f56c661b149ecf659efe 9aff4163d5da3b8d760f0593c583dd8d1f6dfc14 f33f7afadc5c318efdd57d35da2dc2aebe39fd166a61905ce37b9f7363f51c2f Loading...

	1111968.com/	1.1 kB	2024-05-02	2024-05-14
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 08:16:20 Last Seen2024-05-14 20:48:41 Times Seen109 Hash 59a44f38a9e0ae5238e27842f27bb7bc ed4543bf5f278aeb2ea389fb0514856548c16787 5b1c78090be57784e415e15a692c9fb9abfb45fac3bdcf8695a0c7ab5ec3cc5a Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/layer.js	22 kB	2023-04-05	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/layer.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6586 Hash cb96339625e9d456e32f86cdb3c7a7a1 1301165c58bbb13c542cba493b7ab5774e87e31f 17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919 Loading...

	1111968.com/	705 B	2024-01-24	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-24 03:10:43 Last Seen2024-05-10 09:49:43 Times Seen10 Hash d25d795d758b97cb54269726e6d48339 1c5b4ea38be9273305f4cc8e71538caa4e00d472 83924688417fa10452ff56af30154aa56fde4d68b26fb9665df06136e190cf30 Loading...

	1111968.com/	18 kB	2024-01-24	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-24 03:10:43 Last Seen2024-05-10 09:49:43 Times Seen10 Hash c81bab651374cfd7b39e124ad841b51b 05e544b3ea55feec9003d6a2547ec84901e1e156 8b09111b51227595970c0edd6e23384dbccc0c80b1839e1ac02025182c628377 Loading...

	1111968.com/commonPage/lan/i18n.js?t=1715208712.577	1.3 kB	2024-05-09	2024-05-09
Pretty URL 1111968.com/commonPage/lan/i18n.js?t=1715208712.577 IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 00:52:30 Last Seen2024-05-09 00:52:30 Times Seen1 Hash e6966181fed96f21357068fb5bdd45b9 5c0ab06d449d04303ca1182e42b92354bb2d8577 ee5f247a9bf45646854d5c45440e1dd21663055ba3e83dd60d1084088c09767f Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/float.js	7.0 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/float.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13226 Hash 829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271 Loading...

	1111968.com/	13 kB	2023-04-05	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6597 Hash 109d40ff6f9b3510b169fac4b8e845ce 4ce0fc768718f555487159ddd745e728a0c74c64 7b782f2e9589aa72ddadf4546c0f09709c73bea1339cd0ce893dfc40f6252949 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js	20 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13247 Hash 5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811 Loading...

	1111968.com/	11 kB	2023-04-05	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6571 Hash 6681856885ee92601b7711c11d19553f 95ab4437869df8c790cad28e0753a4c9ea362e73 ce52fd46b2a5cfd741a2f0c39bc2d5218271b5690bdf8ec33af94f1062e98d23 Loading...

	1111968.com/	3.6 kB	2023-04-05	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6569 Hash d15a9b513acdcf3e9b08901384511565 f1fe72392137895e4952f835c0330f76aacfecdf 9fa644edfd9af9be6b244016e8f4f0eaee414732edc6ba3641e8647253359995 Loading...

	1111968.com/	20 kB	2024-01-24	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-24 03:10:44 Last Seen2024-05-10 09:49:43 Times Seen10 Hash b4fc127d241196670f227df11308dfb6 4d8ef336afa3acd33bee5d13d40684a369d12f72 d2a6aa644847dc27f06aabdea8d9b65c1ac4196c64b946a34f8f9674e2ef7b2c Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/gui-base.js	61 kB	2023-08-26	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/gui-base.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 00:19:56 Last Seen2024-05-19 21:04:28 Times Seen3552 Hash e6ce47d880d7a50ddf91b074c8572edf 6a3657c67209136e5b544859daecf16f2d153b72 c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	4.4 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13221 Hash f77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	65 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13459 Hash b5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e Loading...

	1111968.com/	20 kB	2023-04-05	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6565 Hash 9f5bce1aa50f72fd0834901c70db4f43 41771079bee5eb45539e694a5eff580732ab26b0 a50724b65a2657f6e67adbf98a3dd135de52b4786350f0b1bd142adff38c7ffd Loading...

	unknown	278 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 20:29:13 Last Seen2024-05-19 20:58:00 Times Seen5760 Hash cf0aad09d2e7287c48d72501c4ed8cbd 7950b8c00d5a278b662dbccd11af31398a408e51 72512199b29d971b5fe854b1f610604dcbdec2c38666c106f1d15863e0df32db Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js	45 kB	2023-08-15	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-05-19 21:04:28 Times Seen8185 Hash f15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27 Loading...

	1111968.com/	6 B	2023-03-07	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen7508 Hash edaddb8132e9e0880252c5b6c47bf1c1 dc08b5b6ca432b46cca94f1f297491e1b08736ea b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e Loading...

	1111968.com/message_zh_CN.js?v=1714556748154	32 kB	2023-12-07	2024-05-19
Pretty URL 1111968.com/message_zh_CN.js?v=1714556748154 IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 04:18:39 Last Seen2024-05-19 21:04:28 Times Seen1854 Hash 879e0d38aaa72a30c1987722f24ef0ff a71947b06e5ff779946d15db8877a103a5432036 fd47dca609ede55de5f51d756c967b63f0d223330e6eef19df0c3659e1bd9a55 Loading...

	7ngdqc.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1714556748154	33 kB	2023-04-05	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1714556748154 IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6699 Hash a55780dc13cbf1a8d375f14ebb659cf2 9548cc269bcde0dc48e166fa6bab37af8a649e57 35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8 Loading...

	1111968.com/	1.8 kB	2023-04-05	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6561 Hash 9f1681b5a72417b33c2869aab85af152 b40a6d9c6d058c2bd6e126a1b0191182926b9d04 eabdfd0c5237f406e0acbef879968e72e5e3d62dd8e8b6bcee48e5ab7f4d0154 Loading...

	1111968.com/	2.6 kB	2023-11-23	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 15:36:17 Last Seen2024-05-19 21:04:28 Times Seen2259 Hash 9c3f7d9e5de3b764c32a679ad06ae3db 9ab260e36b46c6ca6f58066ee914f3826d86a37f fefe9a763127c0f92edfe95be1000aeed2eda7690482769c90dc9488dbe5d33a Loading...

	1111968.com/	127 kB	2024-05-01	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 19:23:01 Last Seen2024-05-10 09:49:43 Times Seen9 Hash 2baa2d25328861f24ee9270ec9c216e6 82ca54433ab01345b6bb88bb1e132172b593d2c6 35a5b2c4cba8d1a14313eb4a8a3b3eeb37b66593a872674ea34faf1c8a25802e Loading...

	1111968.com/	1.4 kB	2023-08-21	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-21 11:10:45 Last Seen2024-05-19 21:04:28 Times Seen3944 Hash 479c01001c455527cf2aafec087accad 230c5d853a00977d890c25cb56b5a07c5e0acd0e 0ad2a7081ff475ce3a2068fe69547248166c0fd39f26fbf03f2ac5db073a16cf Loading...

	1111968.com/	3.5 kB	2023-10-24	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 11:42:08 Last Seen2024-05-19 21:04:28 Times Seen3038 Hash 7932637ac9b0a1125acfaeffa837b6af 01107a42cef642f68e70ef30502ecb6c0de6a0d6 f938651bd7efeb3c523dcca3df1c9a0cc63b12f604816c8e49636fda5b1b1c7e Loading...

	1111968.com/	2.0 kB	2023-11-22	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-22 16:18:01 Last Seen2024-05-19 21:04:28 Times Seen2267 Hash dd4934ec50598a49950c57836d268ba9 9830d9f40b0baf411ea1e7b7a4b65675cf35ae04 89e8ae92a48e530a676704a7858edcc65fdd1488e39280ba8da4cb80dc5729d5 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	96 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:10 Last Seen2024-05-19 21:04:28 Times Seen13856 Hash b091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10 Loading...

	1111968.com/	6.0 kB	2023-08-02	2024-05-19
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 04:42:13 Last Seen2024-05-19 21:04:28 Times Seen4455 Hash e6ea297058f6d52d83390d9ea7f914aa 349df987c3c4c50687d993b31f83cfea7f796730 2f21ca2376a9112f70c12ecc46d75ff792b067f5edceae5ea06011c13cf14e56 Loading...

	1111968.com/	585 B	2024-01-24	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-24 03:10:44 Last Seen2024-05-10 09:49:43 Times Seen10 Hash aa7a702556bfc1dfb301d6db09b46bab e1522707bb9d5a29cd755f5348cb6c69b05ebbb7 6e999fc25740127605c648f69675fd84c992a3ffe4ab443a91b697e64fc0c3d2 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js	12 kB	2023-04-05	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 20:58:00 Times Seen6595 Hash 466a7ed7d00986d45375c0cbffb5233c 68845ead668e9abd29c24b491dbf97b219226c08 7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js	2.1 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13225 Hash 07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d Loading...

	7ngdqc.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	28 kB	2023-04-05	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6587 Hash 9c41709c2b64126b909c101a27f39153 4ab666b36c092577acb41390ad90e96d5fea7711 c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/moment.js	117 kB	2023-07-29	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/moment.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 10:21:40 Last Seen2024-05-19 21:04:29 Times Seen9131 Hash 36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33 Loading...

	1111968.com/	2.1 kB	2023-10-26	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-26 08:52:41 Last Seen2024-05-10 09:49:43 Times Seen15 Hash 94b2e22bdfd726e524db16edaa3d33a9 988297e7d96536fc82d227632d10e3e21799393c bb391eb3f504b0b11cf6d1fa6d0409065cb713d2505e8991bc3719a99af9bb1a Loading...

	1111968.com/	3.0 kB	2023-10-26	2024-05-10
Pretty URL 1111968.com/ IP 20.222.191.152 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-26 08:52:41 Last Seen2024-05-10 09:49:43 Times Seen15 Hash 27d08ef6dfbd283a49abfa87481c78de 560e63630d0f0840216ab1bbfba0d9423ee68d86 1711db1a5ce94609bd312a331d244e0aad4616f081083ef381618f8c96a5ca06 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/Comet.js	17 kB	2023-04-05	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/Comet.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-05-19 21:04:28 Times Seen6603 Hash 1008fe6a5e1a182d7775963b85405bb2 e174a7b08cc3cb5545af1cd33d2814e604119392 7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20 Loading...

	7ngdqc.lxhhf.com/ftl/commonPage/js/lazyload.js	12 kB	2023-08-15	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/ftl/commonPage/js/lazyload.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-05-19 21:04:28 Times Seen4085 Hash d87854586672bff7f886a47da85da5ed 8d0537030dc7a81ade87a41a75fd5a75e4e33da1 17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada Loading...

	7ngdqc.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	15 kB	2023-03-07	2024-05-19
Pretty URL 7ngdqc.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-05-19 21:04:28 Times Seen13218 Hash 4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9 Loading...

HTTP Transactions (52)

URL IP Response Size

1111968.com/commonPage/lan/i18n.js?t=1715208712.577

20.222.191.152

200 OK

7.0 kB

URL GET HTTP/2
1111968.com/commonPage/lan/i18n.js?t=1715208712.577
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
gzip compressed data, from Unix
Size
7.0 kB (6952 bytes)
Hash
f97d1e22ba5ca774383befd73a460864
508021f31ead2a958f44c389fcdcd96f5d03611b
4c95d101c38be427a93e20b6f0488161f9561735e05c4031296820530aaf08f3

HTTP Headers

GET /commonPage/lan/i18n.js?t=1715208712.577 HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:53 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-1715208713c020
out-line: gb-cdn-806
content-encoding: gzip
x-country: NO
x-cache: MISS@wakamonom000001
X-Firefox-Spdy: h2

1111968.com/message_zh_CN.js?v=1714556748154

20.222.191.152

200 OK

20 kB

URL GET HTTP/2
1111968.com/message_zh_CN.js?v=1714556748154
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
gzip compressed data, max compression, from Unix
Size
20 kB (20548 bytes)
Hash
12a8e7247ec956e8086cb6374e6bd6ee
2648c3546cf21ce9362ede0b0e63d29ade791752
c3d0770b7cff7366407ba0df3e97c2d9acde87b993800f3144e1ea8f48d51c0c

HTTP Headers

GET /message_zh_CN.js?v=1714556748154 HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:53 GMT
content-type: application/javascript;charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
uuid: 00177-01-00000000-1715208709f592
out-line: gb-cdn-132
x-country: NO
x-cache: HIT, HIT@wakamonom000001
X-Firefox-Spdy: h2

7ngdqc.lxhhf.com/ftl/venetian177/themes/style/common.css

103.198.200.1

200 OK

5.6 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/style/common.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text, with very long lines (312)
Size
5.6 kB (5602 bytes)
Hash
03ce869f3c2d66b7d688b7c02a6546c4
343e1a1a8e8e54844b17be0fdc1a828af6306f7d
99ac572a23f192ef279dcfc77efd95c3ebdf4bd10ac8bc8363ce4d814c69a676

HTTP Headers

GET /ftl/venetian177/themes/style/common.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5602
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6434cd36-5dc5"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Tue, 11 Apr 2023 03:00:06 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946487
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 39906960502895355710d37eb0feeaaa

7ngdqc.lxhhf.com/ftl/venetian177/themes/style/bootstrap-dialog.min.css

103.198.200.1

200 OK

582 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/style/bootstrap-dialog.min.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
ASCII text, with very long lines (2212), with no line terminators
Size
582 B (582 bytes)
Hash
b96ac75a57b19d9c167a3a1c8576b53d
7efedd5b5277d951393af4783e9da20fc5376152
3fcfb5edb031a13551fb7630852d5a1b474339bfb2c8ac97e9596e9e798a7815

HTTP Headers

GET /ftl/venetian177/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 582
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"6156d044-8a4"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Fri, 01 Oct 2021 09:09:24 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946487
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: f7653bf77e6f5b9291545f13648400ff

7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-skin-default.css

103.198.200.1

200 OK

6.3 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-skin-default.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Size
6.3 kB (6253 bytes)
Hash
4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ad1569-7b6e"
Date: Tue, 16 Apr 2024 10:06:42 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 16 May 2024 10:06:42 GMT
Age: 1946712
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 9139ec178aea2127ec17e5aca70577df

7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-base.css

103.198.200.1

200 OK

17 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-base.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text, with very long lines (12023)
Size
17 kB (17118 bytes)
Hash
d01c79296c69daae2357744b28ad3a08
6979c86432a04a8cc22818055bd599e10d13892e
03bae6f265bda27347f4697d37ddb03335678cf0a76d5a246ee1b02463294599

HTTP Headers

GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17118
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"661623eb-14596"
Date: Tue, 16 Apr 2024 10:06:41 GMT
Last-Modified: Wed, 10 Apr 2024 05:30:19 GMT
Expires: Thu, 16 May 2024 10:06:41 GMT
Age: 1946713
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 4ed3aa4a95277b2fbe7ef20826f58705

7ngdqc.lxhhf.com/ftl/commonPage/js/float.js

103.198.200.1

200 OK

1.9 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/float.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.9 kB (1929 bytes)
Hash
829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"612747ba-1b2f"
Date: Tue, 16 Apr 2024 10:06:34 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Thu, 16 May 2024 10:06:34 GMT
Age: 1946720
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: cb6fdcc3ee9592ec98f7ed99eba143a0

7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js

103.198.200.1

200 OK

797 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/PopUp.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text
Size
797 B (797 bytes)
Hash
07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"6260ddd4-828"
Date: Tue, 16 Apr 2024 10:06:37 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 10:06:37 GMT
Age: 1946717
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 6e843385fc6719b4d044eeedf79940f1

7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/Comet.js

103.198.200.1

200 OK

4.0 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/Comet.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
4.0 kB (4031 bytes)
Hash
4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"60f60fb5-43bc"
Date: Tue, 16 Apr 2024 10:06:35 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Thu, 16 May 2024 10:06:35 GMT
Age: 1946719
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: d28bcc07cf8e32eeaa55230ea3748c3f

7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js

103.198.200.1

200 OK

3.3 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/websocket/CometMarathon.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
3.3 kB (3316 bytes)
Hash
3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6260ddd4-2f13"
Date: Tue, 16 Apr 2024 10:05:17 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 10:05:17 GMT
Age: 1946797
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: 1818b1d8f66f784d13bafc3b6682d798

7ngdqc.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/idangerous.swiper.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, ASCII text, with very long lines (32034)
Size
12 kB (11957 bytes)
Hash
f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27

HTTP Headers

GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"64d5b951-b083"
Date: Tue, 16 Apr 2024 10:06:35 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Thu, 16 May 2024 10:06:35 GMT
Age: 1946720
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 4ed2dba71cdbc74bb9fd53a3bbe4271b

7ngdqc.lxhhf.com/ftl/commonPage/js/lazyload.js

103.198.200.1

200 OK

2.7 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/lazyload.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
2.7 kB (2731 bytes)
Hash
58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4

HTTP Headers

GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64d05f66-2f79"
Date: Tue, 16 Apr 2024 10:05:15 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Thu, 16 May 2024 10:05:15 GMT
Age: 1946799
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: de8704d8f6e511f6549fd36a0a7b37ea

7ngdqc.lxhhf.com/ftl/commonPage/themes/hongbao.css

103.155.16.137

200 OK

5.7 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/hongbao.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text, with very long lines (336)
Size
5.7 kB (5666 bytes)
Hash
499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"64252e4f-d530"
Date: Tue, 16 Apr 2024 10:38:26 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Thu, 16 May 2024 10:38:26 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 0fa1c91d3721cbafd6b1a175c1f558dd

7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-layer.css

103.155.16.137

200 OK

6.9 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-layer.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text, with very long lines (489)
Size
6.9 kB (6923 bytes)
Hash
858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf

HTTP Headers

GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"64ddd5e1-c760"
Date: Tue, 16 Apr 2024 10:38:26 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Thu, 16 May 2024 10:38:26 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 72399d0b0713e4c32cdba0ad13d774c3

7ngdqc.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js

103.198.200.1

200 OK

5.0 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/bootstrap-dialog.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, ASCII text, with very long lines (20132), with no line terminators
Size
5.0 kB (5007 bytes)
Hash
5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-4ea4"
Date: Tue, 16 Apr 2024 10:06:42 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:06:42 GMT
Age: 1946712
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: ba5a338185049a1a596b7f8270747aa1

7ngdqc.lxhhf.com/ftl/commonPage/js/gui-base.js

103.198.200.1

200 OK

16 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/gui-base.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11056)
Size
16 kB (15779 bytes)
Hash
4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0

HTTP Headers

GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64ddbaed-ee5c"
Date: Tue, 16 Apr 2024 10:05:17 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Thu, 16 May 2024 10:05:17 GMT
Age: 1946798
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: e15dd89987b466619096453ff30bd574

7ngdqc.lxhhf.com/ftl/commonPage/js/layer.js

103.198.200.1

200 OK

7.6 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/layer.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21922)
Size
7.6 kB (7599 bytes)
Hash
c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-55f6"
Date: Tue, 16 Apr 2024 10:05:18 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:05:18 GMT
Age: 1946796
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 9ff26500b25511537f93d3c397c80426

7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js

103.155.16.137

200 OK

1.4 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, ASCII text, with very long lines (4433), with no line terminators
Size
1.4 kB (1421 bytes)
Hash
f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: W/"5d848f4f-1151"
Date: Mon, 22 Apr 2024 18:43:50 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Wed, 22 May 2024 18:43:50 GMT
Age: 1397285
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: f1e82126ff6089cdab24095595205567

7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js

103.198.200.1

200 OK

34 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
34 kB (33545 bytes)
Hash
b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"5d848f4f-176d4"
Date: Tue, 16 Apr 2024 10:05:18 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:05:18 GMT
Age: 1946797
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 77f91c2306f3973f470d987ab5685bab

7ngdqc.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js

103.198.200.1

200 OK

4.1 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Size
4.1 kB (4126 bytes)
Hash
4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"655579ca-3a09"
Date: Tue, 07 May 2024 13:53:04 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Thu, 06 Jun 2024 13:53:04 GMT
Age: 118731
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 7b66043eca61e29ebdd7186b3dbe26b4

7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js

103.155.16.137

200 OK

17 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, ASCII text, with very long lines (64577)
Size
17 kB (17446 bytes)
Hash
b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"5d848f4f-fc8b"
Date: Mon, 22 Apr 2024 18:43:51 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Wed, 22 May 2024 18:43:51 GMT
Age: 1397284
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: d494c502a78e0d777549cbc935b4e162

7ngdqc.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js

103.198.200.1

200 OK

7.7 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27669)
Size
7.7 kB (7746 bytes)
Hash
f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"655579ca-6caf"
Date: Tue, 07 May 2024 13:53:05 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Thu, 06 Jun 2024 13:53:05 GMT
Age: 118730
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: e7cc5b55b8b32485e05a1eea2f46e821

1111968.com/ftl/commonPage/images/partner/partner-hongtu-goldGradient.png

20.222.191.152

200 OK

87 kB

URL GET HTTP/2
1111968.com/ftl/commonPage/images/partner/partner-hongtu-goldGradient.png
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
PNG image data, 4964 x 72, 8-bit colormap, non-interlaced
Size
87 kB (86597 bytes)
Hash
f27ded2561ffd51a112741a1d783230d
b5382b043f37a2cd93e802472958d8b49c14241f
db4f7cbfc843c8b3915a389d8002aa727adb6f39f0789e63762c609ac9c835dd

HTTP Headers

GET /ftl/commonPage/images/partner/partner-hongtu-goldGradient.png HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:55 GMT
content-type: image/png
content-length: 86597
last-modified: Mon, 08 Apr 2024 09:30:15 GMT
etag: "6613b927-15245"
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
uuid: -
out-line: gb-cdn-132
x-country: NO
x-cache: HIT, HIT@wakamonom000001
accept-ranges: bytes
X-Firefox-Spdy: h2

7ngdqc.lxhhf.com/ftl/commonPage/js/moment.js

103.198.200.1

200 OK

27 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/moment.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
27 kB (26968 bytes)
Hash
36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33

HTTP Headers

GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64b633ca-1cab9"
Date: Tue, 16 Apr 2024 10:05:18 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Thu, 16 May 2024 10:05:18 GMT
Age: 1946797
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 0b58eb3ab6ab5553d22a649eb215144c

7ngdqc.lxhhf.com/061410/rcenter/common/static/css/gb.validation.min.css

103.198.200.1

200 OK

3.8 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/061410/rcenter/common/static/css/gb.validation.min.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
Unicode text, UTF-8 text, with very long lines (2295)
Size
3.8 kB (3788 bytes)
Hash
f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"633d510e-2d52"
Date: Tue, 07 May 2024 13:53:03 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 06 Jun 2024 13:53:03 GMT
Age: 118732
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: ce4127b6fcfd212e419fa0e0727ceeb7

7ngdqc.lxhhf.com/ftl/commonPage/themes/hb/css/pc.css

103.155.16.137

200 OK

911 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/hb/css/pc.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
ASCII text
Size
911 B (911 bytes)
Hash
1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: W/"5d848f4f-b5d"
Date: Mon, 22 Apr 2024 18:43:49 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Wed, 22 May 2024 18:43:49 GMT
Age: 1397286
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: e0e195c74ebcce95a3fcb6fb2b7c6357

7ngdqc.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1714556748154

103.198.200.1

200 OK

5.2 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1714556748154
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (801)
Size
5.2 kB (5207 bytes)
Hash
30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1714556748154 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"633d510e-7fd7"
Date: Tue, 07 May 2024 13:53:04 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 06 Jun 2024 13:53:04 GMT
Age: 118731
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: fc0c3b610905ca6aa6737981b1ac7c79

7ngdqc.lxhhf.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0

103.155.16.137

200 OK

3.1 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
ASCII text
Size
3.1 kB (3111 bytes)
Hash
5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"6131d862-48e4"
Date: Mon, 22 Apr 2024 18:43:52 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Wed, 22 May 2024 18:43:52 GMT
Age: 1397283
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-11
X-Cdn-Request-ID: 9e85547cde14b44fc7e4d6c7e173d0b1

7ngdqc.lxhhf.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg

103.198.200.1

200 OK

6.9 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3
Size
6.9 kB (6871 bytes)
Hash
99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d848f4f-1ad7"
Date: Tue, 16 Apr 2024 10:06:41 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:06:41 GMT
Age: 1946715
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 9d564e57b8fb8482f45c4a2568a3fb60

1111968.com/ftl/commonPage/themes/images/hongbao/icon-close-1.png

20.222.191.152

200 OK

6.1 kB

URL GET HTTP/2
1111968.com/ftl/commonPage/themes/images/hongbao/icon-close-1.png
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
6.1 kB (6087 bytes)
Hash
30eb0e841ea47a1f05854ebca3f9e9c1
0cb9874c32ff8837c1ffaf89cba502ceb3483b2b
382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1; route=ed8de952ed57247bb4b5c65efa859ad5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:57 GMT
content-type: image/png
content-length: 6087
last-modified: Wed, 11 Aug 2021 06:10:54 GMT
etag: "611369ee-17c7"
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
cache-control: max-age=86400
uuid: -
out-line: gb-cdn-132
x-country: NO
x-cache: HIT, HIT@wakamonom000001
accept-ranges: bytes
X-Firefox-Spdy: h2

7ngdqc.lxhhf.com/fserver/files/gb/177/carousel/10034/1586594592602.jpg?wsSecret=2f599f486bc42823dad7bdc9db115b49&wsTime=1715208716

103.198.200.1

200 OK

178 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/fserver/files/gb/177/carousel/10034/1586594592602.jpg?wsSecret=2f599f486bc42823dad7bdc9db115b49&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x534, components 3
Size
178 kB (177821 bytes)
Hash
23c0c2fe33c518fc0b302870f869634b
8b6e4bf7b0731f623a044eb64414704d38420e0f
70c8a6694c7a7b2ab161b2b3e98ee8e0ed8b09b1d2fa9da92bf02db6e4f1d9c0

HTTP Headers

GET /fserver/files/gb/177/carousel/10034/1586594592602.jpg?wsSecret=2f599f486bc42823dad7bdc9db115b49&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 177821
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "637a05a5-2b69d"
Date: Wed, 17 Apr 2024 03:00:12 GMT
Last-Modified: Sun, 20 Nov 2022 10:47:01 GMT
Expires: Fri, 17 May 2024 03:00:12 GMT
Age: 1885903
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 427dbc65a2651e8177d5cc68dd4c20d1

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/topBg.jpg?wsSecret=3f54410434e73e4aec61e18f24a00a47&wsTime=1715208716

103.198.200.1

200 OK

1.7 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/topBg.jpg?wsSecret=3f54410434e73e4aec61e18f24a00a47&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 58x151, components 3
Size
1.7 kB (1701 bytes)
Hash
0a5bf1cb2035e921856c31c276b84edc
85fff45f0c4c19f1ee7fe7a5c88819654be2a3a6
0f47bce4b8f4ce9713ead513b7fcbb09b54a3b84d66848d0ab38b4362e52ab59

HTTP Headers

GET /ftl/venetian177/themes/images/topBg.jpg?wsSecret=3f54410434e73e4aec61e18f24a00a47&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1701
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5d2c760e-6a5"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946489
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: a892b87b75fd760ec2ab4d558b28d09f

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/login1.png?wsSecret=ad2d4f4dc8176014a4e525e11e72bfd1&wsTime=1715208716

103.198.200.1

200 OK

779 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/login1.png?wsSecret=ad2d4f4dc8176014a4e525e11e72bfd1&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 142 x 31, 8-bit/color RGBA, non-interlaced
Size
779 B (779 bytes)
Hash
77c4ca2fe362f79f8b3c5e6991f5b17d
4491bab5e2981a56315bae0e1ac7edf16e81cc3c
4799d8dd8850fd45faf99fcf0e2478340c0ed4a0d1f9c1d7e93807914cb85d11

HTTP Headers

GET /ftl/venetian177/themes/images/login1.png?wsSecret=ad2d4f4dc8176014a4e525e11e72bfd1&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d2c760e-30b"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946489
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 5dac0ff6f84fe79e4eebd269293a79a5

7ngdqc.lxhhf.com/ftl/venetian177/images/slogan.png?wsSecret=10b2fbd3d0d377e72567e1d91d33e676&wsTime=1715208716

103.155.16.137

200 OK

7.5 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/images/slogan.png?wsSecret=10b2fbd3d0d377e72567e1d91d33e676&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 229 x 47, 8-bit/color RGBA, non-interlaced
Size
7.5 kB (7469 bytes)
Hash
e0262c056b3cbd67f97f82e376b76a73
91e9d2b44eebb5a532947a1768a7ef25deaddffb
129ede663130529cad2374d510a49e9f13e405e54173c2d99db7edea832d199f

HTTP Headers

GET /ftl/venetian177/images/slogan.png?wsSecret=10b2fbd3d0d377e72567e1d91d33e676&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 7469
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "64794acc-1d2d"
Date: Tue, 16 Apr 2024 10:38:28 GMT
Last-Modified: Fri, 02 Jun 2023 01:50:04 GMT
Expires: Thu, 16 May 2024 10:38:28 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 91177b3e02cb20ceee4e7b1b0db03072

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/langs.png?wsSecret=9c7ca04e60d7b7394ed85661c0a95536&wsTime=1715208716

103.155.16.137

200 OK

3.1 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/langs.png?wsSecret=9c7ca04e60d7b7394ed85661c0a95536&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 74 x 16, 8-bit/color RGBA, non-interlaced
Size
3.1 kB (3067 bytes)
Hash
4f496caec9a1d64a79fc5f47729253f1
d3bda8f30c11d76f7e050d9d54cc846c4089656d
69d5eaa2ae9b13f35eab0ef6a634168303a7139cb6fc67839b057e85568f3c39

HTTP Headers

GET /ftl/venetian177/themes/images/langs.png?wsSecret=9c7ca04e60d7b7394ed85661c0a95536&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3067
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "5d2c760e-bfb"
Date: Tue, 16 Apr 2024 10:38:29 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:38:29 GMT
Age: 1944807
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 411c6b4ba52b37751090a288863bfdf8

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/login2.png?wsSecret=77a8c09bd151ae2aae3a7edb12eca6af&wsTime=1715208716

103.198.200.1

200 OK

807 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/login2.png?wsSecret=77a8c09bd151ae2aae3a7edb12eca6af&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 142 x 31, 8-bit/color RGBA, non-interlaced
Size
807 B (807 bytes)
Hash
05de8b444bec05f77e6e96f7b7801630
838ec29d99379efe4a0385a525f2784563e78279
85c15f2a75af098275c0d71d71d400adbccaa2222a012a77251046827c6af925

HTTP Headers

GET /ftl/venetian177/themes/images/login2.png?wsSecret=77a8c09bd151ae2aae3a7edb12eca6af&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 807
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c760e-327"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946489
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: f2ca40a626d2fcf40732b65e6eea98f3

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/notice-bg.png?wsSecret=bc01d146459f7e079e74fae0e5fd55d5&wsTime=1715208716

103.155.16.137

200 OK

7.5 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/notice-bg.png?wsSecret=bc01d146459f7e079e74fae0e5fd55d5&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 1049 x 51, 8-bit/color RGBA, non-interlaced
Size
7.5 kB (7519 bytes)
Hash
b7ff659aed428c8d71293c2dff1bdeab
ee44739936cd700f9b84688c39dcb8f3c56c942b
57b0151a51eec1402dd91f33a0540c9c9c78e3b6a450370c774eae5c90be42e6

HTTP Headers

GET /ftl/venetian177/themes/images/notice-bg.png?wsSecret=bc01d146459f7e079e74fae0e5fd55d5&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 7519
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "5d2c760e-1d5f"
Date: Tue, 16 Apr 2024 10:38:28 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:38:28 GMT
Age: 1944809
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: 7bf40fb39893bd0c4a521db321501403

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/indexBg.jpg?wsSecret=6bd4d996e0f1fb55400712d2da92d2c7&wsTime=1715208716

103.155.16.137

200 OK

379 B

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/indexBg.jpg?wsSecret=6bd4d996e0f1fb55400712d2da92d2c7&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x410, components 3
Size
379 B (379 bytes)
Hash
a2ebdc13d4ac1975f8f82b1b9364e8ff
bbbe2b61edb70f0e9f9f46cf6292f099476a4309
3c5315f4c00b02c6da6d35a52cf3e6a79b7f8aa8cab9666b8e221fdceaa77109

HTTP Headers

GET /ftl/venetian177/themes/images/indexBg.jpg?wsSecret=6bd4d996e0f1fb55400712d2da92d2c7&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 379
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "5d2c760e-17b"
Date: Tue, 16 Apr 2024 10:38:29 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:38:29 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-02
X-Cdn-Request-ID: b8ad4b98ef3d16910b878a1982646528

7ngdqc.lxhhf.com/fserver/files/gb/177/carousel/10050/1686054216648.jpg?wsSecret=bbbabc1b83ca46120bd9c5e44b537ed9&wsTime=1715208716

103.198.200.1

200 OK

584 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/fserver/files/gb/177/carousel/10050/1686054216648.jpg?wsSecret=bbbabc1b83ca46120bd9c5e44b537ed9&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x500, components 3
Size
584 kB (583606 bytes)
Hash
7e4c601d43db5b1b5177dd1ac6a7c6f8
426343d3159d097f3c8cfe584fa6062563b6fbde
622c9b0246a7fbf366e6ba47f629182bfad77cf41ad94021e0b7055704107d4d

HTTP Headers

GET /fserver/files/gb/177/carousel/10050/1686054216648.jpg?wsSecret=bbbabc1b83ca46120bd9c5e44b537ed9&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 583606
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "647f2548-8e7b6"
Date: Wed, 17 Apr 2024 03:00:14 GMT
Last-Modified: Tue, 06 Jun 2023 12:23:36 GMT
Expires: Fri, 17 May 2024 03:00:14 GMT
Age: 1885901
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: ed32f7dc04cd76152d09b9a4a7a72168

7ngdqc.lxhhf.com/fserver/files/gb/177/Logo/1/1594714783181.png?wsSecret=13ef2af2d19c083c134a89bdf6126ef5&wsTime=1715208716

103.198.200.1

200 OK

61 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/fserver/files/gb/177/Logo/1/1594714783181.png?wsSecret=13ef2af2d19c083c134a89bdf6126ef5&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 480 x 120, 8-bit/color RGBA, non-interlaced
Size
61 kB (61378 bytes)
Hash
4a9ac319ef36f2658a655881a628546b
15d36d95f7a6b9c207874a985cca734c70c9dd86
768929112e0ff76f7cbaf479b4645196bf97730431749e55d0ca18a0c27c5f43

HTTP Headers

GET /fserver/files/gb/177/Logo/1/1594714783181.png?wsSecret=13ef2af2d19c083c134a89bdf6126ef5&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 61378
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5f0d6b50-efc2"
Date: Wed, 17 Apr 2024 03:00:14 GMT
Last-Modified: Tue, 14 Jul 2020 08:22:40 GMT
Expires: Fri, 17 May 2024 03:00:14 GMT
Age: 1885902
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 12e571e004008f3e41e794b50342d310

7ngdqc.lxhhf.com/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png

103.198.200.1

200 OK

1.3 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1321 bytes)
Hash
a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7ngdqc.lxhhf.com/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d848f4f-529"
Date: Tue, 16 Apr 2024 10:13:28 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 10:13:28 GMT
Age: 1946309
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 85d834553cfb9665d8501c7d71f5937c

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/bottom-info.png?wsSecret=d2a9480e1d9e3dde33e9c09c2c98bde6&wsTime=1715208716

103.198.200.1

200 OK

63 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/bottom-info.png?wsSecret=d2a9480e1d9e3dde33e9c09c2c98bde6&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 956 x 441, 8-bit/color RGBA, non-interlaced
Size
63 kB (62603 bytes)
Hash
d1e3ed9407490eae20d7fdaf19b10afa
eb832559eb32b71ce9966f9840955ed6aaa0caa4
a63ab596303c44ed3934a6956d4ef4d48ce429d76deede30ab65ab1f2befb7b8

HTTP Headers

GET /ftl/venetian177/themes/images/bottom-info.png?wsSecret=d2a9480e1d9e3dde33e9c09c2c98bde6&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 62603
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "613c72d3-f48b"
Date: Tue, 16 Apr 2024 10:10:26 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:47 GMT
Expires: Thu, 16 May 2024 10:10:26 GMT
Age: 1946491
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 947829bc4bf4118d86964e1756ef991e

7ngdqc.lxhhf.com/ftl/venetian177/themes/images/index1.jpg?wsSecret=332455d6e9ed88826759a1f91570a8d7&wsTime=1715208716

103.155.16.137

200 OK

107 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/themes/images/index1.jpg?wsSecret=332455d6e9ed88826759a1f91570a8d7&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1004x410, components 3
Size
107 kB (107023 bytes)
Hash
3ce81a4b2e0a2fc2787386f08d0dfe7e
48a466af8dfe8ed638d5f352637c92ee78819a46
d1cc534cc1ee5239cbe69abb843316e7eff3514cff4585421430a96a6c2a9971

HTTP Headers

GET /ftl/venetian177/themes/images/index1.jpg?wsSecret=332455d6e9ed88826759a1f91570a8d7&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 107023
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "5d2c760e-1a20f"
Date: Tue, 16 Apr 2024 10:38:29 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:38:29 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 720666f5962d48bd5066df3642e7a389

7ngdqc.lxhhf.com/ftl/venetian177/images/banner.jpg?wsSecret=4c3d7561545332cf796ff51a104a951d&wsTime=1715208716

103.155.16.137

200 OK

217 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/venetian177/images/banner.jpg?wsSecret=4c3d7561545332cf796ff51a104a951d&wsTime=1715208716
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x534, components 3
Size
217 kB (216668 bytes)
Hash
7af6f3703b46f2a02adbc20bd5a83860
80a30244986aa290a07c58f80d701a299908e001
b6833e9d2710e0aaa34480f31f450d3ecc9f17836fbbb44b30d89e1a3a1245ab

HTTP Headers

GET /ftl/venetian177/images/banner.jpg?wsSecret=4c3d7561545332cf796ff51a104a951d&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 216668
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "5d2c760e-34e5c"
Date: Tue, 16 Apr 2024 10:38:29 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:14 GMT
Expires: Thu, 16 May 2024 10:38:29 GMT
Age: 1944808
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 48366e9ddfcbd4e48b93f9e1c2bd4154

7ngdqc.lxhhf.com/ftl/commonPage/images/favicon/favicon_177.png?wsSecret=b8a75bbb0c15e2e4a5ef4d6142621e34&wsTime=1715208716

103.198.200.1

200 OK

2.6 kB

URL GET HTTP/1.1
7ngdqc.lxhhf.com/ftl/commonPage/images/favicon/favicon_177.png?wsSecret=b8a75bbb0c15e2e4a5ef4d6142621e34&wsTime=1715208716
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://1111968.com/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.lxhhf.com
Fingerprint8D:5A:ED:78:BB:FB:17:9F:37:EA:A1:21:80:F7:F6:0A:13:DC:98:38
ValidityTue, 05 Dec 2023 08:15:55 GMT - Wed, 04 Dec 2024 08:15:54 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
2.6 kB (2615 bytes)
Hash
322e2cf43df14cec1c361cc9c1ccd1bd
6852807da7f3828286e54b9e96307cd0f3f6b4d3
956ff2d2e2f31b5da2f99ed0ac8102747bc02674c5ac96e0e20e417bbd97a1ea

HTTP Headers

GET /ftl/commonPage/images/favicon/favicon_177.png?wsSecret=b8a75bbb0c15e2e4a5ef4d6142621e34&wsTime=1715208716 HTTP/1.1
Host: 7ngdqc.lxhhf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2615
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6311d300-a37"
Date: Tue, 16 Apr 2024 10:10:27 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Thu, 16 May 2024 10:10:27 GMT
Age: 1946490
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: f4780e2b1825f88370a66ad72eb0380a

1111968.com/headerInfo.html?t=lvyezg3p

20.222.191.152

200 OK

9.6 kB

URL GET HTTP/2
1111968.com/headerInfo.html?t=lvyezg3p
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
gzip compressed data, max compression, from Unix
Size
9.6 kB (9595 bytes)
Hash
6506d4fb18a40ea747887476e8178379
6e5b5d54a22c3a05119490d98f52a21f3fcb5a42
790d2ef433e521e7bcc721a9698f7107c76cf7c5905f694ca140461f7ebfd9ef

HTTP Headers

GET /headerInfo.html?t=lvyezg3p HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1; route=ed8de952ed57247bb4b5c65efa859ad5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-disposition: inline;filename=f.txt
sub-sys: msite
content-encoding: gzip
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-17152087175b10
out-line: gb-cdn-806
x-country: NO
x-cache: BYPASS@wakamonom000001
X-Firefox-Spdy: h2

1111968.com/mobile-api/v5/origin/loginSwitchCheck.html

20.222.191.152

200 OK

3.5 kB

URL GET HTTP/2
1111968.com/mobile-api/v5/origin/loginSwitchCheck.html
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
JSON text data
Size
3.5 kB (3452 bytes)
Hash
1452cebf3e2bb129b06762f43f09e5c8
0ec65f1e79233e8c59f76c55fb89ac8637cfb070
99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1; route=ed8de952ed57247bb4b5c65efa859ad5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:57 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-1715208717882c
out-line: gb-cdn-806
x-country: NO
x-cache: BYPASS@wakamonom000001
content-encoding: br
X-Firefox-Spdy: h2

1111968.com/index/getUserTimeZoneDate.html?t=lvyezfu8

20.222.191.152

200 OK

119 B

URL GET HTTP/2
1111968.com/index/getUserTimeZoneDate.html?t=lvyezfu8
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
119 B (119 bytes)
Hash
0c23cfb46c781edd9b20f41eb885edce
c289ea7dfd655ce903a564319f44b81b88ae7095
5ac0ac30561e4c0376f1d80dc9d52bd063db8b493f95efd8f07c26aeeafd1b06

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lvyezfu8 HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: route=ed8de952ed57247bb4b5c65efa859ad5; Path=/
content-disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-17152087163f80
out-line: gb-cdn-806
x-country: NO
x-cache: BYPASS@wakamonom000001
content-encoding: br
X-Firefox-Spdy: h2

1111968.com/mobile-api/v5/origin/getThirdParam.html

20.222.191.152

200 OK

103 B

URL GET HTTP/2
1111968.com/mobile-api/v5/origin/getThirdParam.html
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators
Size
103 B (103 bytes)
Hash
696fb49ead30121d5513e1c2b60d42a2
dd34a288bf6b0e4c295c1bb848705f58ba5f245d
c030ec18bd43fe0351659670355a8fc897e26b6a34b990e8a4878a51b76a268d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1; route=1bd47f3fb2de4e856ef59c7ef0cfd5c8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:57 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-17152087178b56
out-line: gb-cdn-806
x-country: NO
x-cache: BYPASS@wakamonom000001
content-encoding: br
X-Firefox-Spdy: h2

1111968.com/mobile-api/v5/origin/getFloat.html

20.222.191.152

200 OK

3.6 kB

URL POST HTTP/2
1111968.com/mobile-api/v5/origin/getFloat.html
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4125), with no line terminators
Size
3.6 kB (3637 bytes)
Hash
0e172865e906f72a46826e53d91b0876
af796b2f9d312c149445fd0e85374f04c81ff7da
3e3282d2c81ccda8826a8be0af5443243005a77893e73dc9d37716d440973997

HTTP Headers

POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://1111968.com
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:56 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: route=f7c95a7b6b031c620a6304190a7ddf24; Path=/
access-control-allow-origin: https://1111968.com
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
content-encoding: gzip
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-1715208716f4d2
out-line: gb-cdn-806
x-country: NO
x-cache: @wakamonom000001
X-Firefox-Spdy: h2

1111968.com/

20.222.191.152

200 OK

391 kB

URL User Request GET HTTP/2
1111968.com/
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type

Size
391 kB (390675 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-html-cache: HIT-3600
x-frame-options: SAMEORIGIN
uuid: -
out-line: gb-cdn-806
content-encoding: gzip
x-country: NO
x-cache: BYPASS@wakamonom000001
X-Firefox-Spdy: h2

1111968.com/mobile-api/v5/chess/getActivityMsg.html?function=sign

20.222.191.152

200 OK

141 B

URL GET HTTP/2
1111968.com/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP
20.222.191.152:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://1111968.com/
Certificate
IssuerLet's Encrypt
Subject1111968.com
Fingerprint55:41:26:53:B3:D8:75:BF:B7:57:A2:47:7B:1D:07:3F:47:6B:DE:12
ValidityWed, 06 Mar 2024 15:32:41 GMT - Tue, 04 Jun 2024 15:32:40 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators
Size
141 B (141 bytes)
Hash
fda3d3714996a16fd8380acab2d2a4aa
6f43ab4b082cf508edbb5e43045b6dd969026d17
46fc02d95ef6ba7eeb28d215d72cc4f70bae0717d3fbd63c8c7969a65e165483

HTTP Headers

GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: 1111968.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1111968.com/
Cookie: sticket=VlpMWhZbVEwTFRGa1; route=ed8de952ed57247bb4b5c65efa859ad5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.25.3
date: Wed, 08 May 2024 22:51:57 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: route=66776b881a59021b52807ef9298664ac; Path=/
access-control-allow-methods: *
access-control-max-age: 3600
access-control-allow-headers: Content-Type,Access-Token,X-Requested-With
content-disposition: inline;filename=f.txt
sub-sys: mobile
x-frame-options: SAMEORIGIN
uuid: 00177-01-00000000-17152087176324
out-line: gb-cdn-806
x-country: NO
x-cache: BYPASS@wakamonom000001
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (40)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML