20.239.17.84 301 Moved Permanently 63 B URL User Request GET HTTP/1.1 IP 20.239.17.84:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type HTML document, ASCII text
Hash 68460c4fd726f22ad466d421a4db8b1d
8518f6d9306bbea3a7f862a1894d3df66ba8a10a
eb0d236ca31f2dcedb3ae3e0a38fc523aeeda24894c61e32b8cacae19dc4e042
GET / HTTP/1.1
Host: d.313vip37.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://d.313vip37.xyz:8989/
Date: Thu, 23 Nov 2023 08:44:08 GMT
Content-Length: 63
20.239.17.84 200 OK 112 kB URL User Request GET HTTP/1.1 IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Size 112 kB (112261 bytes)
Hash 40af8472dce491a55fa264465c782f3b
e866a467ec70b6c2342c15c32e402a3cafcd6442
6e3d630e56295034692bbb722332075acbbc594f215b25a580277c0dafdc61be
GET / HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:09 GMT
Out-Line: gb-cdn-802
Uuid: -
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Html-Cache: HIT-3600
Transfer-Encoding: chunked
d.313vip37.xyz:8989/commonPage/lan/i18n.js?t=1700729049.466
20.239.17.84 200 OK 813 B URL GET HTTP/1.1 d.313vip37.xyz:8989/commonPage/lan/i18n.js?t=1700729049.466
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type ASCII text, with very long lines (1217)
Hash d5ba5cba0bc7d521626628f1586b164f
9fb132c5ecf518730099d99dc4dcbdd38db6f47f
528c5daf4dd77b62164c0d983cbcde2016deda98feec0329fac9b0bd95ca0cb7
GET /commonPage/lan/i18n.js?t=1700729049.466 HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:10 GMT
Out-Line: gb-cdn-802
Uuid: 00627-01-00000000-17007290500eee
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 813
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
104.250.33.35 200 OK 17 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (12023)
Hash 127bc5e19c08901aeedbdee1cb860a7d
b479eebde953d307ad4e0363d41520433e09d58d
2f6fa5669c0d38a7652ec88e57d2382ab4d39974181dcf2bc2d4648e449f7db6
GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17085
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"654df4a7-144ec"
Date: Tue, 14 Nov 2023 04:55:08 GMT
Last-Modified: Fri, 10 Nov 2023 09:15:19 GMT
Expires: Thu, 14 Dec 2023 04:55:08 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: ea74bff38ec7f3d2936359cb99c1bd6e
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/common.css
104.250.33.35 200 OK 13 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/common.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (532)
Hash 95178481afb04dea64a578c8058c3118
e03c851921231bb437cd7a2d88227026b1848bdc
ca96b231c254fe19fde0e855db7347176fb27843a52992247abea74548328703
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/bet365-627/themes/style/common.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12762
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"6327fe95-da45"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Mon, 19 Sep 2022 05:31:01 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 547fdce2610532ba51724e76224d83ac
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
104.250.33.35 200 OK 6.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Hash 4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ad1569-7b6e"
Date: Tue, 14 Nov 2023 04:55:07 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Thu, 14 Dec 2023 04:55:07 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: 00e2bb6ca0cd5e892c9cfacd830ae9e0
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/bootstrap-dialog.min.css
104.250.33.35 200 OK 630 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/bootstrap-dialog.min.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/bet365-627/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6156cab3-adc"
Date: Tue, 14 Nov 2023 04:55:08 GMT
Last-Modified: Fri, 01 Oct 2021 08:45:39 GMT
Expires: Thu, 14 Dec 2023 04:55:08 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 36697f58ebd275a6d48d71ec4b228598
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/swiper-4.3.3.min.css
104.250.33.35 200 OK 3.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/style/swiper-4.3.3.min.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (19512)
Hash f29b1aec530d4ecb1255894948203345
ec15a3a265c1556fae8f9553d371423df9653c50
f476606c821fd23ba0fcae1845e3e45ae39f6040921de2d96698ad7d1e922f3e
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/bet365-627/themes/style/swiper-4.3.3.min.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3094
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"615c2c2b-4d3d"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Tue, 05 Oct 2021 10:42:51 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 366b240d72ba10b87f8f8029b055579e
d.313vip37.xyz:8989/message_zh_CN.js?v=1700646329357
20.239.17.84 200 OK 9.9 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/message_zh_CN.js?v=1700646329357
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type Unicode text, UTF-8 text, with very long lines (18042)
Hash adcd647972140ca028f47a6dd9646934
391048d6b4a2878b9d0dac49df247c5504f06dd7
ad194b3c9e03ab63b64bccd568d8c277db23a273c5ac4f3ef670decb7417a7ed
GET /message_zh_CN.js?v=1700646329357 HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: application/javascript;charset=UTF-8
Date: Thu, 23 Nov 2023 08:44:10 GMT
Expires: Fri, 24 Nov 2023 08:44:10 GMT
Out-Line: gb-cdn-802
Uuid: 00627-01-00000000-1700729050e5fa
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
104.250.33.35 200 OK 34 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (32038)
Hash b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-176d4"
Date: Tue, 14 Nov 2023 04:54:12 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:54:12 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 40d0e926f0805be22dca95eecfa438ae
5y7wpn.gaokejd.xyz/ftl/commonPage/js/float.js
104.250.33.35 200 OK 1.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/float.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"612747ba-1b2f"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: a6b0056f95f9f8d8ea8f4fbd3d7b68c8
5y7wpn.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (32034)
Hash f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27
GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"64d5b951-b083"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: d7fe5abe2235586d44a818a7d12a1bb7
5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
104.250.33.35 200 OK 4.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"60f60fb5-43bc"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 337ac615792c5a7de3cb3b16e92fbe0f
5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
104.250.33.35 200 OK 797 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"6260ddd4-828"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: ed6e025941233448d887e621a608cd83
5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
104.250.33.35 200 OK 3.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"6260ddd4-2f13"
Date: Tue, 14 Nov 2023 04:54:12 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 14 Dec 2023 04:54:12 GMT
Age: 791398
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 36622e999f409533b628c2ef20f7b78c
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
104.250.33.35 200 OK 5.7 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (336)
Hash 499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
Analyzer urlquery; Verdict phishing; Alert Phishing - Bet365
GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"64252e4f-d530"
Date: Tue, 14 Nov 2023 04:55:08 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Thu, 14 Dec 2023 04:55:08 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: e7edb73196a1302d0e5a3b3e06992e97
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
103.198.200.1 200 OK 6.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (489)
Hash 858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"64ddd5e1-c760"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-20
X-Cdn-Request-ID: 6a1d4a381a77f0f16e29c015d337bd3d
5y7wpn.gaokejd.xyz/ftl/commonPage/js/lazyload.js
104.250.33.35 200 OK 2.7 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4
GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"64d05f66-2f79"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 934446f515cd701c547ed77413268da0
5y7wpn.gaokejd.xyz/ftl/commonPage/js/gui-base.js
104.250.33.35 200 OK 16 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (11056)
Hash 4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0
GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"64ddbaed-ee5c"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: a2f48e860a8c9ee4425394e616d6ef48
5y7wpn.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
104.250.33.35 200 OK 5.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (20132), with no line terminators
Hash 5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"5d848f4f-4ea4"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: 909e1e922d105fa09f3f4b1c9a2530d6
5y7wpn.gaokejd.xyz/ftl/commonPage/js/layer.js
104.250.33.35 200 OK 7.6 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/layer.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (21922)
Hash c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-55f6"
Date: Tue, 14 Nov 2023 04:54:12 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:54:12 GMT
Age: 791398
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: 7cb8082e05e2d88755a1c7cb835570da
5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
104.250.33.35 200 OK 1.4 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (4433), with no line terminators
Hash f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"5d848f4f-1151"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 872e299d4efe84a7ea8fc57ea0f36892
5y7wpn.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
104.250.33.35 200 OK 7.7 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (27669)
Hash f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"65320e6c-6caf"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 20 Oct 2023 05:21:48 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 5637de3e22a6cfea0b05652b8e035d7c
5y7wpn.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
104.250.33.35 200 OK 4.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Hash 4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"65320e6c-3a09"
Date: Tue, 14 Nov 2023 04:54:14 GMT
Last-Modified: Fri, 20 Oct 2023 05:21:48 GMT
Expires: Thu, 14 Dec 2023 04:54:14 GMT
Age: 791396
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: d02cbf190eec11ffd1068d7bf33f0c81
5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
103.198.200.1 200 OK 17 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (64577)
Hash b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: W/"5d848f4f-fc8b"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791397
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: c2352a2893e0a252d754f381574e9db3
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
104.250.33.35 200 OK 911 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: W/"5d848f4f-b5d"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: e5a46e14751a884238581a762efe3ddd
5y7wpn.gaokejd.xyz/ftl/commonPage/js/moment.js
104.250.33.35 200 OK 27 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/moment.js
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Algol 68 source text / Pascal source, Unicode text, UTF-8 text
Hash 36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33
GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64b633ca-1cab9"
Date: Tue, 14 Nov 2023 04:54:14 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Thu, 14 Dec 2023 04:54:14 GMT
Age: 791396
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 59fe29091624093552f3249bfffcab61
5y7wpn.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
104.250.33.35 200 OK 3.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"6131d862-48e4"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: ab9add5975219a2b2b5e6ec409d20da8
5y7wpn.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1700646329357
104.250.33.35 200 OK 5.2 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1700646329357
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (801)
Hash 30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1700646329357 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: W/"633d510e-7fd7"
Date: Tue, 14 Nov 2023 04:54:14 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 14 Dec 2023 04:54:14 GMT
Age: 791396
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 21aa3e57c7d3bdb885addb850f40e1f8
5y7wpn.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
104.250.33.35 200 OK 3.8 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (2295)
Hash f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"633d510e-2d52"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: dc70e458c9e373632ed4d279a4d5c85a
d.313vip37.xyz:8989/mobile-api/v5/origin/getFloat.html
20.239.17.84 200 OK 2.9 kB URL POST HTTP/1.1 d.313vip37.xyz:8989/mobile-api/v5/origin/getFloat.html
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data / HTML document, Unicode text, UTF-8 text, with very long lines (16341), with no line terminators
Hash 099df963f7f7030587d64d5922d4e286
7cd1b035cc6e5a1aa9d8db702310a09fd9c02ebd
bf52d659142349cb476cd19f334a37c069d95914cf651b5f984c349f8fb4dbd4
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: https://d.313vip37.xyz:8989
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:11 GMT
Out-Line: gb-cdn-802
Set-Cookie: route=66776b881a59021b52807ef9298664ac; Path=/
Sub-Sys: mobile
Uuid: 00627-01-00000000-17007290518524
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
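The records above all have the same shape: the landing page at d.313vip37.xyz:8989 pulls its scripts and styles cross-site from 5y7wpn.gaokejd.xyz (served under a Sectigo wildcard certificate that expires on 29 Nov 2023, six days after this capture, with every response carrying Access-Control-Allow-Origin: *), then calls its own back end with the sticket and route cookies. The following Python is an added example, not part of the urlquery report or of the kit: it parses records in this layout (one bare host/path line opening each record, label and value separated by one space, the HTTP request and response lines kept as printed), extracts blocklist IOCs and runs two checks a responder wants, the cross-site script origins and any certificate that expires within a chosen window. The two-record sample is constructed from the transactions shown above; taking the capture time from the latest response Date header is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: two records trimmed from the transactions in the report.
SAMPLE = """\
5y7wpn.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP 104.250.33.35:443
Subject *.gaokejd.xyz
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
Hash 5ce8851dc823429a42ab6147554403cc
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
d.313vip37.xyz:8989/mobile-api/v5/origin/getFloat.html
IP 20.239.17.84:8989
Subject d.313vip37.xyz
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
Hash bf52d659142349cb476cd19f334a37c069d95914cf651b5f984c349f8fb4dbd4
POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: d.313vip37.xyz:8989
Sec-Fetch-Dest: empty
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:11 GMT
Sub-Sys: mobile
"""

URL_RE = re.compile(r"^[A-Za-z0-9.-]+(?::\d+)?/\S*$")  # bare host/path opens a record
META_RE = re.compile(r"^(IP|ASN|Requested by|Certificate Issuer|Subject|Fingerprint|Validity|File type|Analyzer Verdict) (.+)$")
HASH_RE = re.compile(r"^(?:Hash )?([0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
REQ_RE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]$")
RESP_RE = re.compile(r"^HTTP/1\.[01] (\d{3})")
HDR_RE = re.compile(r"^([A-Za-z0-9-]+): (.*)$")
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"

def parse_records(text):
    """One dict per transaction: metadata, hashes, request and response headers."""
    records, rec, section = [], None, "meta"
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if URL_RE.match(line):
            rec = {"url": line, "meta": {}, "hashes": [], "req": {}, "resp": {}}
            records.append(rec)
            section = "meta"
        elif rec is None:
            continue
        elif m := REQ_RE.match(line):
            rec["req"] = {"method": m[1], "path": m[2], "headers": {}}
            section = "req"
        elif m := RESP_RE.match(line):
            rec["resp"] = {"status": int(m[1]), "headers": {}}
            section = "resp"
        elif section == "meta":
            if m := HASH_RE.match(line):
                rec["hashes"].append(m[1])
            elif m := META_RE.match(line):
                rec["meta"][m[1]] = m[2]
        elif m := HDR_RE.match(line):
            rec[section]["headers"][m[1].lower()] = m[2]  # header names are case-insensitive
    return records

def extract_iocs(records):
    """Blocklist material: hosts, IPs and SHA-256 hashes seen in the session."""
    hosts = {r["url"].split("/", 1)[0].split(":")[0] for r in records}
    ips = {r["meta"]["IP"].rsplit(":", 1)[0] for r in records if "IP" in r["meta"]}
    sha256 = {h for r in records for h in r["hashes"] if len(h) == 64}
    return {"hosts": sorted(hosts), "ips": sorted(ips), "sha256": sorted(sha256)}

def cross_site_script_loads(records):
    """Scripts the landing page pulls from another site: the kit's shared asset host."""
    return [(r["req"]["headers"].get("host", ""), r["req"]["path"])
            for r in records
            if r["req"].get("headers", {}).get("sec-fetch-dest") == "script"
            and r["req"]["headers"].get("sec-fetch-site") == "cross-site"]

def certs_expiring_within(records, now, days):
    """Leaf certificates whose notAfter falls inside the window: re-check the host then."""
    out, seen = [], set()
    for r in records:
        subj, validity = r["meta"].get("Subject"), r["meta"].get("Validity")
        if not validity or subj in seen:
            continue
        seen.add(subj)
        not_after = datetime.strptime(validity.split(" - ")[1], HTTP_DATE)
        if timedelta(0) <= not_after - now <= timedelta(days=days):
            out.append((subj, not_after.strftime("%Y-%m-%d")))
    return out

def capture_time(records):
    """Assumption: the latest response Date header approximates the capture time."""
    dates = [r["resp"]["headers"]["date"] for r in records if "date" in r["resp"].get("headers", {})]
    return max(datetime.strptime(d, HTTP_DATE) for d in dates)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(extract_iocs(recs), cross_site_script_loads(recs),
          certs_expiring_within(recs, capture_time(recs), days=7), sep="\n")
```

Run against the full report once the fused labels are split by a space; the request and response blocks need no normalising because urlquery prints them as raw HTTP, and a Sec-Fetch-Site of cross-site together with Sec-Fetch-Dest of script is what separates the kit's shared asset host from the per-campaign landing domain.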
5y7wpn.gaokejd.xyz/ftl/bet365-627/plugin/js/swiper-4.3.3.min.js
103.198.200.1 200 OK 32 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/plugin/js/swiper-4.3.3.min.js
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type ASCII text, with very long lines (65275)
Hash 317fd00903b68a157500b40495e8d74e
29ba73703d5c1d5390551e9fb230a3f1ace1437e
efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/plugin/js/swiper-4.3.3.min.js HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 31739
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"61567ad6-1df6f"
Date: Tue, 14 Nov 2023 04:54:13 GMT
Last-Modified: Fri, 01 Oct 2021 03:04:54 GMT
Expires: Thu, 14 Dec 2023 04:54:13 GMT
Age: 791398
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-16
X-Cdn-Request-ID: 4a0a8f6b6fb648f9dfd40ca90be9efbd
5y7wpn.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
104.250.33.35 200 OK 6.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3 / data
Hash 99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-1ad7"
Date: Tue, 14 Nov 2023 04:55:09 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:55:09 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: a9ee6827581f0b360b9e508121d40733
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash dafe509d28d16ba0e4953214d884985a
7fed8f6fb925fbc9bd46febc0e0f803dc07e82c2
0e96d0558b808c5d068a9cf76f7810d7c4f26378102edec898ed62ed5ad9c1a8
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Thu, 23 Nov 2023 08:44:12 GMT
Server: ECAcc (amb/6B51)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tuAZmYvo7Rz1A7gt3zVw3B5vxqv7ME44YoayiFKwvjx2iPg8RXIcuw==
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
20.239.17.84 200 OK 24 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced / data
Hash 19e16d0cf5c005f3fd798e8f0131db7d
ebb9c520f4047172662991c689a2e07015680dcd
57c3d3bf827de223898f46813f9bd0fd2296cc21a61f3f77d03ba6cee265c78d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 23771
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "613c72bd-5cdb"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=
20.239.17.84 200 OK 926 B URL GET HTTP/1.1 d.313vip37.xyz:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data / ASCII text, with very long lines (1168), with no line terminators
Hash 3675f51c7da12252ba0188035a851775
bc1af94ed66f28c57dc4520de21bba4625397b31
7cc13f3e7bfd34bc98344db25681a49311999fd0695fefcbd4d627aecca928d0
GET /index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=66776b881a59021b52807ef9298664ac
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:12 GMT
Out-Line: gb-cdn-802
Set-Cookie: route=f99a9c30dbd1a887d1dbc0d8dc11c2e5; Path=/
Sub-Sys: msite
Uuid: 00627-01-00000000-170072905260ec
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 926
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
20.239.17.84 200 OK 26 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced / data
Hash 51de7c3b3b21d10f38a0c30ac5e4fd24
106f9a993385ff522dad2b37dbdb3c58f035ac20
9240329d37bd41d53a4f2864a255b9f9aef025474f2965130ed5668f10ee311e
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 25785
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "642f8159-64b9"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Fri, 07 Apr 2023 02:35:05 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
20.239.17.84 200 OK 104 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 104 kB (103628 bytes)
Hash 8d666e925b25cb11e51e73f93c070f4d
c6ff29c0819e955832f80eb564569cadd6a2b6e9
58377e7130027c1bc0b0d1640be5c18574464c78253ee14a8957586e32f55e0a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 103628
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "6279dd75-194cc"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Tue, 10 May 2022 03:35:17 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10016/1537530207836.jpg?wsSecret=c587fd3b685a0449d6760e0d1c0f6f59&wsTime=1700729054
104.250.33.35 200 OK 30 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10016/1537530207836.jpg?wsSecret=c587fd3b685a0449d6760e0d1c0f6f59&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Certificate Subject *.gaokejd.xyz
Certificate Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Certificate Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 844x214, components 3
Hash 9d0b372de41ea61c5046d415502f6448
b7370cb3c7a6c7fe0a47316f6766b141bd765ce4
4e7849176be3f2506e63bcfeed553a4f9c8504ba525b8df345391fa5afc2241a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/carousel/10016/1537530207836.jpg?wsSecret=c587fd3b685a0449d6760e0d1c0f6f59&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 29972
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5ba4d95f-7514"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Fri, 21 Sep 2018 11:43:27 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 32df3a2d29565d95ee6cd103be885dfd
d.313vip37.xyz:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
20.239.17.84 200 OK 6.1 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/commonPage/themes/images/hongbao/icon-close-1.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hash 30eb0e841ea47a1f05854ebca3f9e9c1
0cb9874c32ff8837c1ffaf89cba502ceb3483b2b
382670ae61fc81522b190a0536d7b993058183aea2ffe81d197ded6af07d2183
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/hongbao/icon-close-1.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 6087
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "611369ee-17c7"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Wed, 11 Aug 2021 06:10:54 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/index/getUserTimeZoneDate.html?t=lpay61o2
20.239.17.84 200 OK 97 B URL GET HTTP/1.1 d.313vip37.xyz:8989/index/getUserTimeZoneDate.html?t=lpay61o2
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, ASCII text, with no line terminators
Hash def3c0c4bcd149c7a4108114222454d9
9c15cad33bb08e52909b2ddee8668e61d4dc1ade
465ae3c77547153e5acbbb1235de257e4a6073578cd002a4b5c57708cad8c4f7
GET /index/getUserTimeZoneDate.html?t=lpay61o2 HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cachettl: 3
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:12 GMT
Out-Line: gb-cdn-802
Sub-Sys: msite
Uuid: 00627-01-00000000-1700729052594c
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 97
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png
20.239.17.84 200 OK 92 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash 9f3fb2c25fe5ed8707017bd1c48b7dad
0431fc4b55351854aa7a1b519549df5d71f18ace
d86817d248b0c22c26c6c3a95c307094345fb2b3e51245164599a7c3969d4e6c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 91545
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "617655d2-16599"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Mon, 25 Oct 2021 06:59:30 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png
20.239.17.84 200 OK 107 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 107 kB (107087 bytes)
Hash 97e7e1d62e6ab7d3fb963eeaa7eaf82c
0b8b4dfbecc67f6c2108f1518363b04df485c23c
ba14d4ca242898af3cc3283eae416223f025413067480df7b0dd1ec6904d1b38
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 107087
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "61513db1-1a24f"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png
20.239.17.84 200 OK 104 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 104 kB (103789 bytes)
Hash 47f5aa60abc34c45a6676edb8fdf0479
26c8e877af1411d84fa894f304795cc48e7ccb3e
35097b6af20809e9e749d5744ba558e6abb5d8f1cc0a48d351d7b6266eb1353b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 103789
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "61513db1-1956d"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
20.239.17.84 200 OK 25 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 230a3ba266ae64dee8f70d0ff2f3b0e0
e5bd5defc0486a69adf7d8b187c2100e015260a2
c38424550af0abe01c532bcfdb9d3985a006a2f50ebe65da95b5a4afd2495449
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8673.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 25030
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "639fd3f4-61c6"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 19 Dec 2022 03:01:08 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/headerInfo.html?t=lpay61y3
20.239.17.84 200 OK 116 B URL GET HTTP/1.1 d.313vip37.xyz:8989/headerInfo.html?t=lpay61y3
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, ASCII text, with no line terminators
Hash dc0f960ce852654cc7d50f8cfeb85b0b
4e18a4f0c710e297ea870be08818e9bd171e2da3
b11558ae3740a675d6188923aed276bd1969fc32d98ea67b32204ba4b52ece3a
GET /headerInfo.html?t=lpay61y3 HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:13 GMT
Out-Line: gb-cdn-802
Sub-Sys: msite
Uuid: 00627-01-00000000-1700729053fae6
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 116
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png
20.239.17.84 200 OK 106 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 106 kB (105577 bytes)
Hash 88a047662775c71a5483b0643e4cc75d
1403cc8add3e60970a95f9dd1b23084b850266be
ba2434bbbac29b41f9fc1f429f7311ca994e3888dbbd5b115a9829438ab130f7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 105577
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "61513db1-19c69"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash a33f52ea5bd6275e21267f80791ef78a
8c628b103599834a360c53bbb3fbc9e01c5878c6
bb5a4afcdc59886a05b426337bdc6480c07742c0d06ca7bb3a03f66d904731e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7583.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20322
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "6242ddff-4f62"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png
20.239.17.84 200 OK 120 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 120 kB (119603 bytes)
Hash 47f82f045a474d9481728a14eef31212
e0440f66748805d9bd9fd46164094f9848054da4
3f6b4bf17a52f4989b5ebe3ee767a5e12554b0ac387668e8da6bb6ed67224431
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 119603
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "61513db1-1d333"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png
20.239.17.84 200 OK 98 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash 877c38be4323f2c147032108ccef2199
add9d18c6be428cb95544a73b0f6e00f11fc2b5b
a0424505fba5728d840e3f3c9dfc0b3a5c7838813eb4eb37e9babe498c79e16b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 97628
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "61513db1-17d5c"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png
20.239.17.84 200 OK 127 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 127 kB (126630 bytes)
Hash b5927edf22b7afcaa8623bb2bf7a023c
27991e900ef52dc1848a4d010abaee15b9764ad7
9bd02bff9e834cfb9d1e51a452cffa22aeecb4564729009c4e76d9d92ff6a73b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 126630
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "61513db1-1eea6"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
20.239.17.84 200 OK 112 B URL GET HTTP/1.1 d.313vip37.xyz:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, Unicode text, UTF-8 text, with no line terminators
Hash 5d062bc93ef9d75b27e852ed745d170f
1ecf82a0589608b26ee6a29b2cc3229916596626
26e77aa8c61c230db13c8fd74d4ab3adf8be54c3192c4e16f94e633a71efc2e1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:13 GMT
Out-Line: gb-cdn-802
Set-Cookie: route=66776b881a59021b52807ef9298664ac; Path=/
Sub-Sys: mobile
Uuid: 00627-01-00000000-17007290534adc
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 112
d.313vip37.xyz:8989/mobile-api/v5/origin/loginSwitchCheck.html
20.239.17.84 200 OK 113 B URL GET HTTP/1.1 d.313vip37.xyz:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, Unicode text, UTF-8 text, with no line terminators
Hash 1452cebf3e2bb129b06762f43f09e5c8
0ec65f1e79233e8c59f76c55fb89ac8637cfb070
99a31cd18b8ce37d3725d0a77d5e314452d2906ed2b54b8b19d4de849d1bf13d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:13 GMT
Out-Line: gb-cdn-802
Set-Cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
Sub-Sys: mobile
Uuid: 00627-01-00000000-17007290533958
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 113
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
20.239.17.84 200 OK 23 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 8443275571f203acae6b53207ed73b9f
c3d112abe5edbacb300b321b54cdc9c7d4666bbf
c54b7cdaf70e87778fc4d9c645d5c0296184f7f67793a2b777c194599700882c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7696.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 22876
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "6242ddff-595c"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/index/getUserTimeZoneDate.html?t=lpay626u
20.239.17.84 200 OK 97 B URL GET HTTP/1.1 d.313vip37.xyz:8989/index/getUserTimeZoneDate.html?t=lpay626u
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, ASCII text, with no line terminators
Hash 5a8f8361dce1cec05e441f486bb741c9
e1001837d8ec8ac33bfc4548433cb3f71936b083
f6b0d5480863597f8f7074e97222d216f311001c8fa9c2c4f983d3f56c0a6fb8
GET /index/getUserTimeZoneDate.html?t=lpay626u HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=f99a9c30dbd1a887d1dbc0d8dc11c2e5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cachettl: 3
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Nov 2023 08:44:13 GMT
Out-Line: gb-cdn-802
Sub-Sys: msite
Uuid: 00627-01-00000000-170072905357be
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 97
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
20.239.17.84 200 OK 23 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 3c3c588128385827b532946ac86d0a6d
7d84bebb554df6b3c699352d83d640368903ceff
206c91c826cef5d9db409283a0c439a4322211588ecc14b6abb0af9d4573b328
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7695.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 22623
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "6242ddff-585f"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png
20.239.17.84 200 OK 96 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Certificate Subject d.313vip37.xyz
Certificate Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Certificate Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash 0ea541fd7014332c36b6d147e4e97dac
ec19906ce3c4f9bf8b0811437b4e6daefb64073c
f92a42092bfb2d534b675509c54ce485f2d38f5c6e3ae25e013859f868f49ae7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 95696
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "61513db1-175d0"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png
20.239.17.84 200 OK 99 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash MD5 8d9b708f3313917c09eb78bbe19876a5
SHA-1 4b254e52083cf6f29daf23393f398f9c542638f1
SHA-256 29c83142b9e396bb4645c5b797b46ea424e84ec7c46baab65f5223ddb85519cf
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 98689
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:13 GMT
Etag: "615e79f3-18181"
Expires: Fri, 24 Nov 2023 08:44:13 GMT
Last-Modified: Thu, 07 Oct 2021 04:39:15 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
20.239.17.84 200 OK 22 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 a83dc10b4e607a2685552e62c61e28ba
SHA-1 0f879b68bd5690faa0577ec9335ad219468e2670
SHA-256 3983d86b32d2cba092eea2e69dbdd3e6739824505d27c3ed04c892b28861a6e7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30599.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 22499
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c760b-57e3"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/mobile-api/v5/origin/getThirdParam.html
20.239.17.84 200 OK 86 B URL GET HTTP/1.1 d.313vip37.xyz:8989/mobile-api/v5/origin/getThirdParam.html
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, Unicode text, UTF-8 text, with no line terminators
Hash MD5 9ac55fe189e4f53f37156e563e0f542e
SHA-1 18b13b1360ce9fbd973e046d2652be38d58a15e0
SHA-256 d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=1bd47f3fb2de4e856ef59c7ef0cfd5c8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Content-Disposition: inline;filename=f.txt
Content-Encoding: br
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:14 GMT
Out-Line: gb-cdn-802
Sub-Sys: mobile
Uuid: 00627-01-00000000-1700729054bbb7
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 86
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
20.239.17.84 200 OK 96 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash MD5 852c361c9460f489e179f3d34edab1dd
SHA-1 c981b28bbab1500869ff9aa937c3f17e67262ad8
SHA-256 97538b6351173a03757ff751ee08d62cf615b8e01725bc60ec299a2b54a6859b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_8339.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 95973
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "62afee6c-176e5"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 20 Jun 2022 03:50:04 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
20.239.17.84 200 OK 27 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 6806dc9c36ddfc927f9814ab1f8a021c
SHA-1 fee37bf769af8a26bf58ed70405100bfee39e867
SHA-256 1455e15577781e784863594804797d19c9edb69c6aaa32fe86f9268b9847d6c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_3_7697.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 26952
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "6242ddff-6948"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Tue, 29 Mar 2022 10:22:55 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/game-api/v5/content/sportRecommended.html?t=lpay62mi
20.239.17.84 200 OK 1.9 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/game-api/v5/content/sportRecommended.html?t=lpay62mi
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type JSON data, Unicode text, UTF-8 text, with very long lines (13140), with no line terminators
Hash MD5 0d657641a6a5fdf9ded688d549bc960e
SHA-1 13bf36f1d35c4a7606cbd992c178024d83e8897c
SHA-256 4b53921ba0dd862374c59671706c74134cdc59db94dae27b78a05dc28ed779aa
GET /game-api/v5/content/sportRecommended.html?t=lpay62mi HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=1bd47f3fb2de4e856ef59c7ef0cfd5c8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Disposition: inline;filename=f.txt
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Thu, 23 Nov 2023 08:44:14 GMT
Out-Line: gb-cdn-802
Set-Cookie: route=4fa27cd8ccb9b1c65f9c0b6943f6c2c5; Path=/
Sub-Sys: mobile
Uuid: 00627-01-00000000-17007290543e05
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Length: 1856
5y7wpn.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
103.198.200.1 200 OK 1.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced
Hash MD5 a2e938202c0287b9c82461a6fd94dee9
SHA-1 b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
SHA-256 df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5y7wpn.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d848f4f-529"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: c71aa4ae6163bdf8bf2b5a66054664e8
d.313vip37.xyz:8989/ftl/bet365-627/themes/images/hot.gif
20.239.17.84 200 OK 167 B URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/bet365-627/themes/images/hot.gif
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type GIF image data, version 89a, 21 x 12
Hash MD5 b2f35bc4ca5bcaac202e8af12cb1b306
SHA-1 b6a2b19fceda710a3cff5855d1641955b1cf4d0a
SHA-256 8e94fcabb03b3da77e5f0428c831040f54836cb109f45a8ec2e324eb6007d621
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/themes/images/hot.gif HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=1bd47f3fb2de4e856ef59c7ef0cfd5c8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Length: 167
Content-Type: image/gif
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c7603-a7"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/bet365-627/themes/images/hot2.gif
20.239.17.84 200 OK 1.2 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/bet365-627/themes/images/hot2.gif
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type GIF image data, version 89a, 21 x 12
Hash MD5 d6ce337eca63be7cb1aadcf908fdc295
SHA-1 d704d68522c1ece42cfe8825d8db78e965f89b90
SHA-256 6f09d86e9d7f1d0d59ac2d5f7560714735dccbf97ef37b5d64f0cfab9ca55d8d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/themes/images/hot2.gif HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Cookie: sticket=TMWlNREZpTFRCaU9H; route=1bd47f3fb2de4e856ef59c7ef0cfd5c8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Length: 1247
Content-Type: image/gif
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c7603-4df"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
20.239.17.84 200 OK 22 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 548f74b6fbacfdafac2d13982ea01f5b
SHA-1 62056e33bd99fdb7a26ed1eb6e0d34baae75ab4b
SHA-256 8d23af5f64406af80c5f00bbe2806c0a696eee1b9fa144135a679cf7d15c27a9
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 21502
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "613c72bd-53fe"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10248/1639031498927.jpg?wsSecret=8a2bceca504e19cf817acbdc796838f9&wsTime=1700729054
104.250.33.35 200 OK 109 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10248/1639031498927.jpg?wsSecret=8a2bceca504e19cf817acbdc796838f9&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1400x1047, components 3
Size 109 kB (108905 bytes)
Hash MD5 a582bbafae734ce8d97277a3fe5c816a
SHA-1 3635982fcf5958b2b7f5743bc6096909d51ca4eb
SHA-256 3ddc1c6b6f8bd56be3aad8e95135a4e4499bc3759ecfb1607d89abd13cbcb94c
GET /fserver/files/gb/627/carousel/10248/1639031498927.jpg?wsSecret=8a2bceca504e19cf817acbdc796838f9&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 108905
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "637b43b1-1a969"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Mon, 21 Nov 2022 09:24:01 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: e86f25adae81b9cde31431d02dd9114c
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
20.239.17.84 200 OK 23 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 14f7dbafc1472fa05db8eb17ae826f30
SHA-1 991915b5ae07c7a47e93dce0c6c82d0d0b690993
SHA-256 7287fcb933e5bf3eba0d13e7312cf5ba90f94c0593310090fdc521f866b0b134
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 23355
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c760b-5b3b"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 82c905f14c36be0d2fa670516edded31
SHA-1 437546d720284de3982ff79df6a946b81e923371
SHA-256 f3cdfd33e75d6f3877e1e0da0491c2b2a65c66f95d434c6b08950b0b5d5b9cc6
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 19597
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "613c72be-4c8d"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:26 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 f5a323409d6eeca58e65b88d3d0bdd15
SHA-1 6b60c6305e3065a1e9641865eb20243526444f17
SHA-256 b895770db7a902a14119dae3f32bb5622b8e0ae8ddb181f5b4e833e6cd535fb2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30588.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 19724
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "647d3bee-4d0c"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 05 Jun 2023 01:35:42 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
20.239.17.84 200 OK 22 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 0445397f922bcef3252bedd6877d8668
SHA-1 f4d265e0774ed0dbda4d4548863cd852c48c570f
SHA-256 3069757649a24fe38937eebf84c12b959ec4e58edf10cf2c661cc2ae433a40c0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 21792
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "613c72bd-5520"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10242/1634789185352.jpg?wsSecret=eb78c10113a0abe9fbf1b32ac3c12d2a&wsTime=1700729054
104.250.33.35 200 OK 156 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10242/1634789185352.jpg?wsSecret=eb78c10113a0abe9fbf1b32ac3c12d2a&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1400x1047, components 3
Size 156 kB (155560 bytes)
Hash MD5 60b8a70e22bccbddfc23fcb7901206bf
SHA-1 30ba40197faf4b7de677d782fa2130449d3c5ddf
SHA-256 87411f257761e4f055ae77c637510675ff922bf03b51efd8d844133bba82e5e3
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/carousel/10242/1634789185352.jpg?wsSecret=eb78c10113a0abe9fbf1b32ac3c12d2a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 155560
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "637b438a-25fa8"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Mon, 21 Nov 2022 09:23:22 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: fa74411bcb7eff6be4d23b5b8e19dbef
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
20.239.17.84 200 OK 22 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash MD5 18fc529cc0b071eee9ab764c7b3cebf2
SHA-1 e79958322824752ee3be995515d242f3a65dbd15
SHA-256 7dc7c033a2391b021f70e5576b15806c1e3e73b2bf5a0beda751bbdff7513b7b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 21622
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c760b-5476"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10286/1657103857814.jpg?wsSecret=63f2194f5b3de81936a04d5b3f68ae09&wsTime=1700729054
104.250.33.35 200 OK 140 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10286/1657103857814.jpg?wsSecret=63f2194f5b3de81936a04d5b3f68ae09&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1384x1032, components 3
Size 140 kB (139728 bytes)
Hash MD5 aca3feaaa5938bae877d19b4abb189b5
SHA-1 543fd9fd9b9e103ca96613bac6990edcfe762dc9
SHA-256 203af714f1e2f0bdedc75ebc1995a0037559bad23c3730dde63032462318460d
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/carousel/10286/1657103857814.jpg?wsSecret=63f2194f5b3de81936a04d5b3f68ae09&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 139728
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "637b4453-221d0"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Mon, 21 Nov 2022 09:26:43 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791340
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: c7e7bd2510ba55a3b629760428ece9cc
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png
Response: 200 OK, 87 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Hash c851a15f25d8a0c556c7a56b75aebf6f
90dd4c3169383ee12aea9e93ce8fdfb6f3146f51
655efce4a9020abae7117b5e296b181b1ffbd3f9b9dece49f1e547cf6b9396b3
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30593.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 86675
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "615d301d-15293"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Wed, 06 Oct 2021 05:11:57 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/1228/sportTeam/5/1579969440448.png?wsSecret=7efc4b64f22c02df064891e82860cf85&wsTime=1700729054
Response: 200 OK, 3.3 kB (GET HTTP/1.1)
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash a85a2a71298deb399029d6ce59968f2a
b69e48f661c86259df396dfc37025ffe48100e55
292e22e4002f6f73102bddad543c5b275abfe278571af324006ec08273a02169
GET /fserver/files/gb/1228/sportTeam/5/1579969440448.png?wsSecret=7efc4b64f22c02df064891e82860cf85&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3330
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5e2c6ba0-d02"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Sat, 25 Jan 2020 16:24:00 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791339
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 9e543aa85e67d2feedbe1e696ed7676b
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png
Response: 200 OK, 28 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash b2c524e4d0297da3203c6d45d2f07115
e91bac7336aabae38e8038d2fd931a2f42fe3c84
91c4128aa7b5fa411efae3f85e25b618c0e83958b984a0460dc5e51cb83ccdd1
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30595.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 27580
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "61c1a4a3-6bbc"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Tue, 21 Dec 2021 09:55:47 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
Response: 200 OK, 23 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 993bbfdbad1c48f514367407a17d2a77
7d3db06be9d7912432c768fa5b23335264db002c
df044589914265a7b02cca67f876c01d20e5eb0d9e50bdb2e8af8e0994daeab7
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 23286
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "64d9fc50-5af6"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png
Response: 200 OK, 20 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 06b42bc87015b1f21a614c47bd914859
533e764dcc3ae171ac0c8f51a7fbcca10f26072f
dbcc205b41e6eec3484c66381d57bd921175da6e5936ade916c42e8bd1110eb3
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30598.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20250
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c760b-4f1a"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it03.png?wsSecret=b54842a3e6a63b090fb946a4e4819f22&wsTime=1700729054
Response: 200 OK, 7.0 kB (GET HTTP/1.1)
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash a853bec439a1590b0da6896f86f76feb
7f21d1dc5395fcc056ef4d91a3cf85782de121a5
f3a24872bb0011114620d987e4c9d49bcfe8716f1fff47abd35e89ce1ec56fe8
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /fserver/files/sportTeam/football/it03.png?wsSecret=b54842a3e6a63b090fb946a4e4819f22&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 7019
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5bed34be-1b6b"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:30 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791339
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 001da2cce48eba934a2a2f3a4cc5c971
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es16.png?wsSecret=a419c049788d660efd8bc1e4732b3ea8&wsTime=1700729054
Response: 200 OK, 15 kB (GET HTTP/1.1)
IP: 103.198.200.1:443
ASN: #138915 Kaopu Cloud HK Limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash 154d503e003b1477ea910732f6b794b4
d50ab15193ad6b6d2cd88465de2c30574d503793
3f90806ea74061a9b12c68d12dcc9cf38c40e9ff2b6f37c33001f94d288a3357
GET /fserver/files/sportTeam/football/es16.png?wsSecret=a419c049788d660efd8bc1e4732b3ea8&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 14686
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5bed35d4-395e"
Date: Fri, 17 Nov 2023 16:30:12 GMT
Last-Modified: Thu, 15 Nov 2018 09:01:08 GMT
Expires: Sun, 17 Dec 2023 16:30:12 GMT
Age: 490441
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 9e088e86058e654b38bb05d43bc5cfc2
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10280/1655969393390.jpg?wsSecret=e70da199668c7c89c64a9f4b86f6626c&wsTime=1700729054
Response: 200 OK, 159 kB (GET HTTP/1.1)
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1384x1032, components 3
Size: 159 kB (159133 bytes)
Hash a22c0493ab533d36da93f6ebd6e1faf9
2c20e52b115e9bcccf8585b8603574aa5368d447
0e3c7dca201d7e8e215136314fc30ee845d859e73f2f8ee9c62866b2cce771a7
GET /fserver/files/gb/627/carousel/10280/1655969393390.jpg?wsSecret=e70da199668c7c89c64a9f4b86f6626c&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 159133
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "637b4430-26d9d"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Mon, 21 Nov 2022 09:26:08 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791338
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: 556da0c0289131b41fd5a8f1cef5c830
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
Response: 200 OK, 26 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash f7637fd9fb8b0dd130560efe9dfcc5ac
c6a6b30f73923175a88fb0c5685c7943ef934c2e
a647abf9fc56228cf6ab783115c113b35479dce89ff1dc4db61efb0bf3234cb4
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 25819
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "64d9fc50-64db"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png
Response: 200 OK, 25 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 7b497cfccdf85cf3a934c4d61e80d55a
2ed0898ac3b002f53b99dd5b059509098078295e
210370587be2eff0fbd4e3f29dd8114da568e50ef60f94912bd6b37eb657be72
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30594.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 24721
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "62c24fe5-6091"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 04 Jul 2022 02:26:45 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10392/1698020092912.jpg?wsSecret=05576c3a1713c1c3c8642ef22e63b297&wsTime=1700729054
Response: 200 OK, 828 kB (GET HTTP/1.1)
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1384x1032, components 3
Size: 828 kB (827751 bytes)
Hash d5ca89080e7f04ac2ef8a02cf20d1584
b80ff950f7531c97168b562ee4e57f72f6c1fd2e
96fbf8c86ec972b30068b556693fbabfebb5f2dc5e1f20fc159c7512313aa66f
GET /fserver/files/gb/627/carousel/10392/1698020092912.jpg?wsSecret=05576c3a1713c1c3c8642ef22e63b297&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 827751
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6535bafc-ca167"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Mon, 23 Oct 2023 00:14:52 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 38a2aa1be656de3f96a3025c271009c1
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
Response: 200 OK, 21 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 07db342d71e455736e0e8b5656ed7174
2d9bb7427a73a28f4bfec2a70dc227af4555968c
c1a35508763b061947ad0ea9eb9972b92b079c9510a2a746979dbffd84efde0f
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20993
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "6243c55c-5201"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Wed, 30 Mar 2022 02:50:04 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png
Response: 200 OK, 18 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 2a8b9275fdec775b8d1ec6e4b0c5df8f
d1d297beee93861fd031fa9e66ddfbe8f7822e28
d2e8ae7ed84c4081f1aa6e15229af593354b571a2097b506a489a0bc1eeea8ec
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_30592.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 17796
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "640af8a4-4584"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Fri, 10 Mar 2023 09:30:12 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
Response: 200 OK, 23 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash c2bad36f7d90b3d9d5077df183c0a80b
7890000fd16f911c2aa5223af3cddf3ed6c5f702
90b7d091ece32c042a2866eb7d6943d7e88148d3bb474eaff988a78942d6d3aa
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 23172
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:14 GMT
Etag: "5d2c760b-5a84"
Expires: Fri, 24 Nov 2023 08:44:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10383/1695644169263.jpg?wsSecret=850bcdb28f370a6cc9c5ca7cb456ee0f&wsTime=1700729054
Response: 200 OK, 447 kB (GET HTTP/1.1)
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1384x1032, components 3
Size: 447 kB (446907 bytes)
Hash 11c1ed0026a45dcce7374c501f06d6dc
7c4374db8e03183e76cbd41d835f97881cfde12a
64b1a169ea60653872921a5c95d06c486e2b226f9b99fc74842479c73105e293
GET /fserver/files/gb/627/carousel/10383/1695644169263.jpg?wsSecret=850bcdb28f370a6cc9c5ca7cb456ee0f&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 446907
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "65117a09-6d1bb"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Mon, 25 Sep 2023 12:16:09 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 1b7e38d6a3fd366627d325f09d93c4b6
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/body-bg.gif?wsSecret=331dadf467d21b161d0542c8a493c0b3&wsTime=1700729054
Response: 200 OK, 758 B (GET HTTP/1.1)
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: GIF image data, version 89a, 1 x 500
Hash 41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/bet365-627/themes/images/body-bg.gif?wsSecret=331dadf467d21b161d0542c8a493c0b3&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d2c7603-2f6"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: a47aa24fccc47583fb96c114cde8f469
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
Response: 200 OK, 22 kB (GET HTTP/1.1)
IP: 20.239.17.84:8989
ASN: #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Let's Encrypt
Subject: d.313vip37.xyz
Fingerprint: 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity: Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type: PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 12f4870c1a8e51e39a6c8bfdd11ed804
47eb5ed8af8ae69595b8743e7a61d3fe825cc048
1f6c135cc810d561e52ad5ba9ca5cfda82897c82db0863ab366e62d5970b3883
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 21953
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "61c42865-55c1"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Thu, 23 Dec 2021 07:42:29 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/head1.jpg?wsSecret=f62112aff571462a1caddb5afcfdfcaa&wsTime=1700729054
Response: 200 OK, 7.7 kB (GET HTTP/1.1)
IP: 104.250.33.35:443
ASN: #137280 Kingsoft cloud corporation limited
Requested by: https://d.313vip37.xyz:8989/
Certificate Issuer: Sectigo Limited
Subject: *.gaokejd.xyz
Fingerprint: BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity: Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x72, components 3
Hash 4e7da730a5cbfe4a7ce573ddcea0e60a
ac31a27a6d71a7a297905c195a6434f043f7f0a7
fe5506589506db3c8dad8b544636c2794a764f28a9ab79215714d5cfe2d866c0
Analyzer verdict: Alert (urlquery, phishing, Phishing - Bet365)
GET /ftl/bet365-627/themes/images/head1.jpg?wsSecret=f62112aff571462a1caddb5afcfdfcaa&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-1e2f"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: bdf0cc1e3d85d17db8eaf1bba0800c29
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
20.239.17.84 200 OK 77 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 249 x 215, 8-bit/color RGBA, non-interlaced; data
Hash 4efe93bd780474540b29c662acef4d68
2d588f15315c28feef52d101bff05d5a2071929d
e52983bbd04e43f83dccc17ccff1064098ae925ae651f753e59b1530a0e4d733
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 76813
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "64d9fc50-12c0d"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
20.239.17.84 200 OK 105 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced; data
Size 105 kB (105068 bytes)
Hash c421c976cf701cd806a7ebeb8575e0a3
cb84123cde62bcad60f34b5a5703f7bfafca1906
e797e57325c453e7ca7e56e634ada214b51ab9298ba5aea4d183fea859857d60
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 105068
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "5d2c760b-19a6c"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
20.239.17.84 200 OK 23 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash 2fbcb4a692fc6b41699f7e60ecf26a63
da35d134b38413040316f5cf1e5f76d75fd941c7
ccdecdf7de01b3b3513596f7c4555266473805551702685e14299770ae8bed26
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 22679
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "5d2c760b-5897"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
20.239.17.84 200 OK 26 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash dc21406f53974241a6ea9d1ba342a0a3
d98181158619aa5993f35dc4821c26ea657c9c35
656f550c68b469776ebe40713d8556d43af391da6cc881918da5f6c983ba823f
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 26500
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "61a5e0bc-6784"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Tue, 30 Nov 2021 08:28:44 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/sec-nav-bg-grad.gif?wsSecret=7e176e53f191c806edfb0b6df1de13dd&wsTime=1700729054
104.250.33.35 200 OK 376 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/sec-nav-bg-grad.gif?wsSecret=7e176e53f191c806edfb0b6df1de13dd&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 594; data
Hash 355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/sec-nav-bg-grad.gif?wsSecret=7e176e53f191c806edfb0b6df1de13dd&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d2c7603-178"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: 1e7161cead498a8425c33a20e1ad40aa
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash 86f136869bc81df2a646e873bd23b46d
c40c25bbe820c39731d1c679653b28e119cbbadc
bfebb7307f1858837e6b61be64e46352b1ccd29bf982e9975886c9feda9f637f
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20462
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "63dc759f-4fee"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Fri, 03 Feb 2023 02:46:55 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/inco3.png?wsSecret=97e218963820b979b4baa3be3245dc5d&wsTime=1700729054
104.250.33.35 200 OK 286 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/inco3.png?wsSecret=97e218963820b979b4baa3be3245dc5d&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 16 x 11, 8-bit/color RGBA, non-interlaced; data
Hash 1353807c6bcbe7cde684d8caec8ca5ff
af2f7c4a5fe71016b7ec5abe7450b93e1c06a466
bf890166717f0ba4ff625d229dd0ac7efa910bf4ad296d8907c282ce8c9b7597
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/inco3.png?wsSecret=97e218963820b979b4baa3be3245dc5d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 286
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d2c7603-11e"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 96319613a1ccfba660b85955d5cd7257
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/sports-infos-bg.png?wsSecret=6b1b03889abe6a0e3ac7d9bde1f2e041&wsTime=1700729054
104.250.33.35 200 OK 4.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/sports-infos-bg.png?wsSecret=6b1b03889abe6a0e3ac7d9bde1f2e041&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced; data
Hash 69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/sports-infos-bg.png?wsSecret=6b1b03889abe6a0e3ac7d9bde1f2e041&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d2c7603-10d7"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 3359132526f4aa2707f198c338606cca
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash a678f783e25a467193ee4fa0252d5bf4
ffadbf4388ce2dc312c720e75f9b9d73c05e93cd
1421dad09cedb4c186e8b4ac1cc027955d52a9d268b29144d3d8f0d60d5ed075
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 19766
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "645b37a7-4d36"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash 7facd57d474585a0c9e3b2b6d4762969
814362f72beba19c7dfb93b8d2bc760f87a2a00e
3bf01b8e569dbd7060d7dcb2222e7e3ebc9e42f715535df2315c877fed9046bd
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20484
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "613c72bd-5004"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash d495fdd61d29ff61ff34fdccc5597d0f
95a2b5b377a239ccf2d5e5cc81534f79dbbbe033
08097b5ebe2de4f6d295aeb64fc72170c766ea81851e9baf96ff4de926fc678b
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 19964
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "613c72bd-4dfc"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
20.239.17.84 200 OK 26 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced; data
Hash 1ac91d4dfd52f26f9c5682cf67ac3f49
6ca58050b81ce1be80d3b0c749b60a79d8413b98
021c28d7d369afa39f3aeac128f91dd3f377fc910a35d76a2e9d2463093e3b44
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 26179
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "62665402-6643"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 25 Apr 2022 07:55:46 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/betNow.png?wsSecret=e071a397146f09393531b56f641a7c8d&wsTime=1700729054
104.250.33.35 200 OK 484 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/betNow.png?wsSecret=e071a397146f09393531b56f641a7c8d&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 170 x 28, 8-bit colormap, non-interlaced; data
Hash b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/betNow.png?wsSecret=e071a397146f09393531b56f641a7c8d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "615a9fcc-1e4"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Mon, 04 Oct 2021 06:31:40 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-02
X-Cdn-Request-ID: dfb9930b137d9fb5f698d7f18bd49a20
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
20.239.17.84 200 OK 102 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced; data
Size 102 kB (102160 bytes)
Hash 18b9c1ca12b579e3be9de7f0b3d765b7
cabb9ddce1222608668401769754241d2667ac59
81b7527eda1e9db86dc9704173b4e9aa50932eb8c80ea08b23d969899bca9656
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 102160
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "5d2c760b-18f10"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/bg-products.gif?wsSecret=0615ffd6d85c1d85687aa097c3ad14bb&wsTime=1700729054
104.250.33.35 200 OK 21 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/bg-products.gif?wsSecret=0615ffd6d85c1d85687aa097c3ad14bb&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 271 x 302; data
Hash e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/bg-products.gif?wsSecret=0615ffd6d85c1d85687aa097c3ad14bb&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c7603-5224"
Date: Tue, 14 Nov 2023 04:55:11 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:11 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 4738f89d9997ea8eb3ade8537479deb5
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png
20.239.17.84 200 OK 123 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced; data
Size 123 kB (122960 bytes)
Hash b69175dfa95eb604296c5851d0c3e475
4261111823816abc196390d2e8d44b4fbb4131ab
2bde2c2b2e0d167704830962300fd6528f914b1688a08b9cacc344af415fa1a3
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 122960
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "61513db1-1e050"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/arrow.png?wsSecret=47938d5ee465a2f349d96c9418118173&wsTime=1700729054
104.250.33.35 200 OK 260 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/arrow.png?wsSecret=47938d5ee465a2f349d96c9418118173&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 10 x 14, 8-bit colormap, non-interlaced; data
Hash e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/arrow.png?wsSecret=47938d5ee465a2f349d96c9418118173&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "615a9fcc-104"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Mon, 04 Oct 2021 06:31:40 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 4369653b23d66dee708b16d6527e3d4c
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/icon_match_prev.png?wsSecret=b2c4409f11b8b700d28bd3b67c3524f9&wsTime=1700729054
104.250.33.35 200 OK 2.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/icon_match_prev.png?wsSecret=b2c4409f11b8b700d28bd3b67c3524f9&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 14 x 28, 8-bit/color RGBA, non-interlaced; data
Hash b873e4dddfe48288b1756349ab019830
4e53e73668ba1e33f4dd53ab9aa11c3116c149dc
dadda5f44eb9b08edb6bf9821a644aa9f6557ebbe82ae27866140192780c9213
Analyzer urlquery | Verdict phishing | Alert Phishing - Bet365
GET /ftl/bet365-627/themes/images/icon_match_prev.png?wsSecret=b2c4409f11b8b700d28bd3b67c3524f9&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2089
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-829"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: dfe92fabd8d09bdb4ea21bbb7e181211
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
20.239.17.84 200 OK 20 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash 37070ea9397e4c9bfa4c6fa5e499de59
fd2237d48600d3a6acba5c8982c1d594962418d4
f3d50d3f597d6a23e42d069971e80a14851d7c996bbce674ed591c6e87b64bda
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 20172
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "645b37a7-4ecc"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
20.239.17.84 200 OK 107 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 107 kB (107367 bytes)
Hash f391a00c7ca4a801c7c46431f6949f3e
392e698fcd6b15c2397eb576de33134e7abae702
1ffd1f9416cc641e5c5659de5a2f1530bbe7ddeeb71c91af2db8129c6624f64f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 107367
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "613c72bd-1a367"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
20.239.17.84 200 OK 102 kB URL GET HTTP/1.1 d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
IP 20.239.17.84:8989
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size 102 kB (102258 bytes)
Hash 8d9aba5a434311f951ac04421c7dc771
9e269ef70b1c650a4177aa6ca8f9b5c8d400be42
282aee25e5c5e665f12f0593297c59ef00dfcbb88b210b4bc9466ab4d0e14bea
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 102258
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:15 GMT
Etag: "613c72bd-18f72"
Expires: Fri, 24 Nov 2023 08:44:15 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10387/1696694827168.jpg?wsSecret=c9edb3d174340fd38262261c2e433a45&wsTime=1700729054
103.198.200.1 200 OK 526 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10387/1696694827168.jpg?wsSecret=c9edb3d174340fd38262261c2e433a45&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1384x1032, components 3
Size 526 kB (525585 bytes)
Hash 33690b3d6d7945e57d8da97f3e66aed5
3d713bf5ff5025260c8bd55e8033a347a3d032b8
1faae00556648f03a5ccdb911bab2868dd4b4f647b006960f5cc5c9d89a51f3a
GET /fserver/files/gb/627/carousel/10387/1696694827168.jpg?wsSecret=c9edb3d174340fd38262261c2e433a45&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 525585
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6521822b-80511"
Date: Sat, 18 Nov 2023 04:09:32 GMT
Last-Modified: Sat, 07 Oct 2023 16:07:07 GMT
Expires: Mon, 18 Dec 2023 04:09:32 GMT
Age: 448481
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: ce4ed5b1adf58170c490fb9a645b450a
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596876784308.png?wsSecret=05317128fb2828c208a9f6a50c408a34&wsTime=1700729054
103.198.200.1 200 OK 158 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596876784308.png?wsSecret=05317128fb2828c208a9f6a50c408a34&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 3144 x 3144, 8-bit colormap, non-interlaced
Size 158 kB (157568 bytes)
Hash 252b8ae1519e0f51e2737bed066952fd
9830c0ba6f719a1fad991f0b9c5b354086f0fc24
15f64f997efcf1ff6fcab26b8af883171a198b9d240666ea4207e09cd71d2e36
GET /fserver/files/gb/1272/sportTeam/49/1596876784308.png?wsSecret=05317128fb2828c208a9f6a50c408a34&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 157568
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6379b38f-26780"
Date: Wed, 22 Nov 2023 17:23:40 GMT
Last-Modified: Sun, 20 Nov 2022 04:56:47 GMT
Expires: Fri, 22 Dec 2023 17:23:40 GMT
Age: 55233
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-10
X-Cdn-Request-ID: 8fcfae673c7589fcfcf755f4106515ae
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/play.png?wsSecret=008d39cb47d87e9050b45fa5769d59cd&wsTime=1700729054
104.250.33.35 200 OK 484 B URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/play.png?wsSecret=008d39cb47d87e9050b45fa5769d59cd&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 170 x 28, 8-bit colormap, non-interlaced
Hash b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/themes/images/play.png?wsSecret=008d39cb47d87e9050b45fa5769d59cd&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "615a9fcc-1e4"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Mon, 04 Oct 2021 06:31:40 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 8b4ddafd28456714d969dae97dd1dc60
5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/icon_match_next.png?wsSecret=66672de50fdf6ab3bea80d2d390fd82c&wsTime=1700729054
104.250.33.35 200 OK 2.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/themes/images/icon_match_next.png?wsSecret=66672de50fdf6ab3bea80d2d390fd82c&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 14 x 28, 8-bit/color RGBA, non-interlaced
Hash c571d5d9e6009ddad889472d4862fb34
38c454b97f36f53906f200dbd838fd058abc278c
4e095259026ca8ccf5c778fa9eec9f71eb4230b010e9d95fc30c37510d507e03
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/themes/images/icon_match_next.png?wsSecret=66672de50fdf6ab3bea80d2d390fd82c&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1992
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "613c72a9-7c8"
Date: Tue, 14 Nov 2023 04:55:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:05 GMT
Expires: Thu, 14 Dec 2023 04:55:12 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 6d897f229ccf34bcb987dafbf0804b5f
5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10182/1694949241591.png?wsSecret=f684e13cc0cdb46deaf1b4413975a28e&wsTime=1700729054
104.250.33.35 200 OK 193 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/carousel/10182/1694949241591.png?wsSecret=f684e13cc0cdb46deaf1b4413975a28e&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 844 x 214, 8-bit/color RGBA, non-interlaced
Size 193 kB (193086 bytes)
Hash f5cdf0371701588ef59a91dbee1b2a1e
77d260c8b5541f457c2ce6b85e577172cc7ba64f
0790644fa30ae6b56e3f19b30b8135eca561762fc79849ecca3564912e88e2bd
GET /fserver/files/gb/627/carousel/10182/1694949241591.png?wsSecret=f684e13cc0cdb46deaf1b4413975a28e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 193086
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6506df79-2f23e"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Sun, 17 Sep 2023 11:14:01 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: d169feb61bea5aed844a1be3a0f7527b
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596773302324.png?wsSecret=014836bff9854b3a816fa090d7dadc52&wsTime=1700729054
104.250.33.35 200 OK 76 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596773302324.png?wsSecret=014836bff9854b3a816fa090d7dadc52&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1200 x 1200, 8-bit colormap, non-interlaced
Hash 14fbec2c35fb4af157d1ef484f23b4a0
5f80bc5fd6a3dec3c6bd3b5fb2f6d6864cd4f485
dd313539a327db1a11dc1dc4050a02bb214c74a7830b6709afff9e4877d52a9f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/1272/sportTeam/49/1596773302324.png?wsSecret=014836bff9854b3a816fa090d7dadc52&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 76307
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "61809164-12a13"
Date: Mon, 20 Nov 2023 16:40:24 GMT
Last-Modified: Tue, 02 Nov 2021 01:16:20 GMT
Expires: Wed, 20 Dec 2023 16:40:24 GMT
Age: 230631
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 88476d1d495ee7543c6d6fe687da011c
5y7wpn.gaokejd.xyz/fserver/files/gb/141/sportTeam/5/1692343486202.png?wsSecret=1c753a9fdbdbea087bff062cd4c2e35e&wsTime=1700729054
104.250.33.35 200 OK 20 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/141/sportTeam/5/1692343486202.png?wsSecret=1c753a9fdbdbea087bff062cd4c2e35e&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash c405ceea18b170b3f15288610a3109fe
e46a14a2380c0c8bc909fc8bd39de7bdc2fe4b5b
ced2b48e43fdebc67c47c5d862045b0b4aa6a4630fde10ea0c6dc3d3c2149ced
GET /fserver/files/gb/141/sportTeam/5/1692343486202.png?wsSecret=1c753a9fdbdbea087bff062cd4c2e35e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 19648
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "64df1cbe-4cc0"
Date: Wed, 15 Nov 2023 16:43:21 GMT
Last-Modified: Fri, 18 Aug 2023 07:24:46 GMT
Expires: Fri, 15 Dec 2023 16:43:21 GMT
Age: 662454
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: daa47da9d59524188e0341c3cc1446af
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es06.png?wsSecret=606a786f7a8d73600c49028adfcdeb7e&wsTime=1700729054
103.198.200.1 200 OK 4.2 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es06.png?wsSecret=606a786f7a8d73600c49028adfcdeb7e&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 5272f254fce87913fa8649fc67a5baa4
68dee8ce218806e009bf488f1244eced450338b0
4053841e54c3a7d004d486309ad497fa2009170f09170809eb642377b3b2b463
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/es06.png?wsSecret=606a786f7a8d73600c49028adfcdeb7e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4187
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5bed35d0-105b"
Date: Wed, 15 Nov 2023 16:43:21 GMT
Last-Modified: Thu, 15 Nov 2018 09:01:04 GMT
Expires: Fri, 15 Dec 2023 16:43:21 GMT
Age: 662454
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: c272d90c8bbbd83b65a183e156bba492
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1597293413453.png?wsSecret=786dd47c2c41c76545a50359c330a760&wsTime=1700729054
103.198.200.1 200 OK 183 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1597293413453.png?wsSecret=786dd47c2c41c76545a50359c330a760&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 4000 x 2574, 8-bit colormap, non-interlaced
Size 183 kB (182807 bytes)
Hash bc1a9fdeab762a7930a8e45f6c6d42b2
4d476e021f9834d417422fab1000c45176ac19b4
b46b8211dc75109f59cf2dee7de4cb806fb9d1445ddfa389114f8f86b9175ae9
GET /fserver/files/gb/1272/sportTeam/49/1597293413453.png?wsSecret=786dd47c2c41c76545a50359c330a760&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 182807
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6379b39f-2ca17"
Date: Mon, 20 Nov 2023 16:40:25 GMT
Last-Modified: Sun, 20 Nov 2022 04:57:03 GMT
Expires: Wed, 20 Dec 2023 16:40:25 GMT
Age: 230630
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: PENDING from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-09
X-Cdn-Request-ID: 813eb221f4ba6dc6838e92c7246d0e81
5y7wpn.gaokejd.xyz/fserver/files/gb/1555/sportTeam/49/1664977001573.png?wsSecret=30ef6253611bcdb89a13942b1f594638&wsTime=1700729054
104.250.33.35 200 OK 28 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1555/sportTeam/49/1664977001573.png?wsSecret=30ef6253611bcdb89a13942b1f594638&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Hash 2d5ff96bc853014504dbcf4f147a41b9
b38d64285b89069241e01556672b281f19a72a2e
66fdd51cabeec6c53928bd88e7eb76cc827561b956b7bcc95f01014eeda2e49f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/1555/sportTeam/49/1664977001573.png?wsSecret=30ef6253611bcdb89a13942b1f594638&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 28075
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "633d8869-6dab"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Wed, 05 Oct 2022 13:36:41 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: f6424c7dda78236021f96e4bd981a14a
vue.livehelp100service.com/visitorside/js/common.301a4410.js
143.204.55.90 200 OK 27 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/common.301a4410.js
IP 143.204.55.90:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 77:2D:5A:72:73:6B:79:7B:5B:7B:23:F0:4F:18:3B:D1:07:EF:47:E1
Validity Mon, 30 Oct 2023 00:00:00 GMT - Thu, 28 Nov 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (62098)
Hash 0d1c89d5e1f9cc80c884603bbdd7eae0
35e40a5dc43220d1c6f4e9770c08726e6eaf3ccb
27b06add84acc892f4cd15007e2cb177fdfe0717ea2988390e21df5a02c5e75c
GET /visitorside/js/common.301a4410.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 23 Nov 2023 07:04:24 GMT
server: nginx/1.22.1
last-modified: Tue, 14 Nov 2023 03:13:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"6552e5de-10474"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: f7FUl5mWimmpbz13X2NZGnqIn0EqxneAORBLxSOpWe-PLcBd0N3VJg==
age: 5988
X-Firefox-Spdy: h2
5y7wpn.gaokejd.xyz/fserver/files/gb/1377/sportTeam/48/1599484638979.png?wsSecret=2c6ef5b759206ab99df608945d70d6fa&wsTime=1700729054
104.250.33.35 200 OK 6.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1377/sportTeam/48/1599484638979.png?wsSecret=2c6ef5b759206ab99df608945d70d6fa&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 4699512e0ddddd358b40f3791364269f
ef1620f851c99efea506d913380fd82a842fe748
fb2fe393b9ede9c096b8f46f001b3d71be212a1a0332f9eb44f34a7ff8d5db30
GET /fserver/files/gb/1377/sportTeam/48/1599484638979.png?wsSecret=2c6ef5b759206ab99df608945d70d6fa&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5991
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5f5621ed-1767"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Mon, 07 Sep 2020 12:05:01 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: ea8bb02b035f10fa8eb2b724337f1fe8
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it12.png?wsSecret=2392fdd3db00c09e8b68b6b06ac7426e&wsTime=1700729054
104.250.33.35 200 OK 4.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it12.png?wsSecret=2392fdd3db00c09e8b68b6b06ac7426e&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 89364ce1fd7101f097deb9b672be9f6d
aa1f142cc608f935cefdaeedf52860ebf91fb7db
c5f6326aabca1589967ef9bcd2b29a6ee1512da61f5f2ce7b30baf6a85c443f5
GET /fserver/files/sportTeam/football/it12.png?wsSecret=2392fdd3db00c09e8b68b6b06ac7426e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4063
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5bed34c4-fdf"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:36 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: c756329a7054f00f0cb921933341dedd
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en11.png?wsSecret=917223a24e696c79c4d0a5352035517d&wsTime=1700729054
103.198.200.1 200 OK 22 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en11.png?wsSecret=917223a24e696c79c4d0a5352035517d&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash 249225e8af0a72a2ea6390afe5672f1f
e61a16997a24337a16e27be4cd8e87840760487d
426ddf3584e1c7bee6ebddff437b55f5202c03086cc4c53a538f1265e87c0d3c
GET /fserver/files/sportTeam/football/en11.png?wsSecret=917223a24e696c79c4d0a5352035517d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 21845
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5beb9c4c-5555"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Wed, 14 Nov 2018 03:53:48 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 971582bbee218f8e492499036e236cfb
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es04.png?wsSecret=725037ba97f8ac7170036150f19ab33c&wsTime=1700729054
104.250.33.35 200 OK 5.1 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es04.png?wsSecret=725037ba97f8ac7170036150f19ab33c&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 8aa9fdc9d7f19da19eccb8f576b5e81a
55dd0b06cdfea93c034898be3f02ec0ef20857f6
b0ae65d92441c1d72564c50534fef0d9a77b154230729ad0130d25eb0ef0516f
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/es04.png?wsSecret=725037ba97f8ac7170036150f19ab33c&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5113
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5bed35d2-13f9"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Thu, 15 Nov 2018 09:01:06 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: d20117d1f501b59e397573eab3414e7b
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it15.png?wsSecret=346df1041c3c090b08f6a2a4399fc0c8&wsTime=1700729054
104.250.33.35 200 OK 3.6 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it15.png?wsSecret=346df1041c3c090b08f6a2a4399fc0c8&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 59d78d849c6ee0380da2946a1ab83b5b
d5331efee7750b3abd8c6ed8fbcdf5e9def6b798
273532c2c77aca391e2af97ae2af404dc64a7bbf181488510ed12a0576436f6f
GET /fserver/files/sportTeam/football/it15.png?wsSecret=346df1041c3c090b08f6a2a4399fc0c8&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3581
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5bed34c6-dfd"
Date: Fri, 17 Nov 2023 16:22:20 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:38 GMT
Expires: Sun, 17 Dec 2023 16:22:20 GMT
Age: 490915
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: ead1931e7b4b492d648c567ac83144a1
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it14.png?wsSecret=606e8ba36709e2c20f34c155071636ef&wsTime=1700729054
104.250.33.35 200 OK 11 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it14.png?wsSecret=606e8ba36709e2c20f34c155071636ef&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash af93b382c7d8ad911f6dd1d31c9c9d8e
a42bb9ac924794ebd3362b191979c88444f5c0ce
89892bbd7eb0aa56bec6a17b9f5872990033d4e5eb8b1547dabb45130e8edf03
GET /fserver/files/sportTeam/football/it14.png?wsSecret=606e8ba36709e2c20f34c155071636ef&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 10965
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5bed34c8-2ad5"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:40 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: 9ce9ae8e7f6152c8d074daf81854f308
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1620130580209.png?wsSecret=a419ef67c113e55635c7ab7819910fb9&wsTime=1700729054
103.198.200.1 200 OK 85 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1620130580209.png?wsSecret=a419ef67c113e55635c7ab7819910fb9&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 256 x 260, 8-bit/color RGB, non-interlaced; data
Hash 7eaced594befc61e2ddbbbc55b771cf0
9e1a5ad65af14be29cb96508c18c28c64c829809
fb1e0d4a9f5f6723173afe5f99d94a8b45b07472f2d17ee2c8d7a4cef639713d
GET /fserver/files/gb/1272/sportTeam/1/1620130580209.png?wsSecret=a419ef67c113e55635c7ab7819910fb9&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 84999
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "60913b14-14c07"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Tue, 04 May 2021 12:16:20 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: ff081f08cd67fff9d3ecbad9f859df85
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it09.png?wsSecret=5a9ded20058ea73bfcafedc72b5675c0&wsTime=1700729054
104.250.33.35 200 OK 5.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it09.png?wsSecret=5a9ded20058ea73bfcafedc72b5675c0&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 24fe79a84f7fb9ea7310eada69adbced
bb91799145cb082bfc195521ed9b5f32beb08597
16eab4ca9571da5f451b70ec61d9b7d14bf85c297bda33e58739237866086fce
GET /fserver/files/sportTeam/football/it09.png?wsSecret=5a9ded20058ea73bfcafedc72b5675c0&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5944
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5bed34c0-1738"
Date: Fri, 17 Nov 2023 16:22:19 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:32 GMT
Expires: Sun, 17 Dec 2023 16:22:19 GMT
Age: 490917
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: f9de067e7fa6800feef6e54f1513f3a2
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en06.png?wsSecret=c22639f32d60fbe4524feaf57af8eabf&wsTime=1700729054
103.198.200.1 200 OK 8.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en06.png?wsSecret=c22639f32d60fbe4524feaf57af8eabf&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 8c597c02135fc6dd1fcd25fbb155bf64
1766765d593b2cfbd199e178d95a4257a6d23fd5
4307d34ec5c483ad4cb5e09b33691f5725a301a68eea661243ce89110587646c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en06.png?wsSecret=c22639f32d60fbe4524feaf57af8eabf&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8266
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5beb9668-204a"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Wed, 14 Nov 2018 03:28:40 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791340
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: b4a9896df30f600d1f4c8a4fc48795c6
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr27.png?wsSecret=de836acb739088ccb34bd1d7063bfee4&wsTime=1700729054
104.250.33.35 200 OK 5.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr27.png?wsSecret=de836acb739088ccb34bd1d7063bfee4&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 8ebade574cca1f25cfe97bfc609e552d
49cd04b18560d6224a6fe1752294673d30140136
3894228ba3704c8980366724fb4e140d256ed9429ee1b83d4741dfef13a39492
GET /fserver/files/sportTeam/football/fr27.png?wsSecret=de836acb739088ccb34bd1d7063bfee4&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5291
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5beba074-14ab"
Date: Wed, 22 Nov 2023 17:20:50 GMT
Last-Modified: Wed, 14 Nov 2018 04:11:32 GMT
Expires: Fri, 22 Dec 2023 17:20:50 GMT
Age: 55405
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: 84adca197c9baf0bf0135faaf69b1479
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/nba16.png?wsSecret=eccc238dfb698d537218254f04fd2aec&wsTime=1700729054
104.250.33.35 200 OK 38 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/nba16.png?wsSecret=eccc238dfb698d537218254f04fd2aec&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced; data
Hash 8a16c398ca4f60075accff4b41ee35f4
49a7e0d3999d79011c7261414a502e05703f5e06
a707a11fc016f6313134d76e2dc893256eef9b4e5ca4be2cced921f25645b698
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/nba16.png?wsSecret=eccc238dfb698d537218254f04fd2aec&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 37673
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5c08fc44-9329"
Date: Tue, 14 Nov 2023 04:55:16 GMT
Last-Modified: Thu, 06 Dec 2018 10:39:00 GMT
Expires: Thu, 14 Dec 2023 04:55:16 GMT
Age: 791339
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 2a2fcc884c1c4664187a204658d52cad
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/nba29.png?wsSecret=35506840eed7dc8e8ba2a3d0513f11f8&wsTime=1700729054
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/nba29.png?wsSecret=35506840eed7dc8e8ba2a3d0513f11f8&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced; data
Hash 6721701536e064c776e38b1b0ff8cb52
928f0a6538598c8b9b8d04c6fd67944f7f3f7d41
d051180da769f2bbf6d04579a034a9bbb99befa618e96a72b8032e9d50f6d795
GET /fserver/files/sportTeam/football/nba29.png?wsSecret=35506840eed7dc8e8ba2a3d0513f11f8&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12438
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5c08ff90-3096"
Date: Wed, 15 Nov 2023 16:59:28 GMT
Last-Modified: Thu, 06 Dec 2018 10:53:04 GMT
Expires: Fri, 15 Dec 2023 16:59:28 GMT
Age: 661488
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: ba9a2e4a6be05f85c4d6b3ca08e8eccb
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr20.png?wsSecret=8b75ab12d64a36e345822ca72dee8f6d&wsTime=1700729054
104.250.33.35 200 OK 38 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr20.png?wsSecret=8b75ab12d64a36e345822ca72dee8f6d&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced; data
Hash 6d26807c1d12adeb79ccca0c610e357d
b22ae7e1ed5e881ac810b7497eac50c766a2e352
6c34f24c0a5a78e2c8158e13f99a0639a02e345708819c59e37329bbf2ca2fb0
GET /fserver/files/sportTeam/football/fr20.png?wsSecret=8b75ab12d64a36e345822ca72dee8f6d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 38311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5bed3728-95a7"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Thu, 15 Nov 2018 09:06:48 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791340
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cdn-Request-ID: caf5d6c71c76f4b27ea58d909d2c57f8
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr08.png?wsSecret=78c5569d0f566d11f6d10fbb7ad91f24&wsTime=1700729054
103.198.200.1 200 OK 9.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr08.png?wsSecret=78c5569d0f566d11f6d10fbb7ad91f24&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash 32e7ed2700c905bb90f12f13805bcebc
95b758f9bf8e31b4749f3caae69b98e98097b003
1129068008ab46c365f0338531810dbb872948d50490bd73069fcb7aee0c3ebe
GET /fserver/files/sportTeam/football/fr08.png?wsSecret=78c5569d0f566d11f6d10fbb7ad91f24&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9036
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5bed3722-234c"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Thu, 15 Nov 2018 09:06:42 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 451c391fc301e0e689700b5d35ce5855
5y7wpn.gaokejd.xyz/fserver/files/gb/950/sportTeam/5/1673036026164.png?wsSecret=55fc992cb2513f0377f960849bf2be53&wsTime=1700729054
103.198.200.1 200 OK 30 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/950/sportTeam/5/1673036026164.png?wsSecret=55fc992cb2513f0377f960849bf2be53&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced; data
Hash e2211461e095ca8d7d3e80c0c8c99ce7
fe6cdadefe76bdf07acbac9061f106610fce0b93
0d93f1bd751406d7894576d704dfa96c4796d53c724dafbc680e57690c52b8de
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/950/sportTeam/5/1673036026164.png?wsSecret=55fc992cb2513f0377f960849bf2be53&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 29758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "63b880fa-743e"
Date: Fri, 17 Nov 2023 16:30:13 GMT
Last-Modified: Fri, 06 Jan 2023 20:13:46 GMT
Expires: Sun, 17 Dec 2023 16:30:13 GMT
Age: 490443
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-06
X-Cdn-Request-ID: 455fc0ce473df42f511c9e9ded185670
5y7wpn.gaokejd.xyz/fserver/files/gb/388/sportTeam/49/1618352303443.png?wsSecret=28b1b76d303f647069899075ef70a8db&wsTime=1700729054
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/388/sportTeam/49/1618352303443.png?wsSecret=28b1b76d303f647069899075ef70a8db&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 330 x 186, 8-bit/color RGBA, non-interlaced; data
Hash 9049cd5982fd357336d3fb06a4818f2c
6b832995e746fef146e577588fb819c0cc3f6cfc
d663069a41ae8d28e6f2b5e12fdf29a3ec24cd2d7ee6efb7b9899457c3099bc3
GET /fserver/files/gb/388/sportTeam/49/1618352303443.png?wsSecret=28b1b76d303f647069899075ef70a8db&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11883
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "607618af-2e6b"
Date: Mon, 20 Nov 2023 16:28:22 GMT
Last-Modified: Tue, 13 Apr 2021 22:18:23 GMT
Expires: Wed, 20 Dec 2023 16:28:22 GMT
Age: 231354
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-09
X-Cdn-Request-ID: ae94bfdf105a2a14ff31cbbd926d0c6d
5y7wpn.gaokejd.xyz/fserver/files/gb/388/sportTeam/49/1618265491118.png?wsSecret=d431e138a7d25aa5ce6a421ad419403a&wsTime=1700729054
104.250.33.35 200 OK 74 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/388/sportTeam/49/1618265491118.png?wsSecret=d431e138a7d25aa5ce6a421ad419403a&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 330 x 301, 8-bit/color RGBA, non-interlaced; data
Hash c409e661a000f1962381ff5f777de1cd
d704b46cf2fc94a900967fc41fb2fb087befc1d7
11b867da5ece12977681eeeab1fd47283b68a9c4c3111cb86ba9d04e795901a7
GET /fserver/files/gb/388/sportTeam/49/1618265491118.png?wsSecret=d431e138a7d25aa5ce6a421ad419403a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 73638
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6074c593-11fa6"
Date: Mon, 20 Nov 2023 16:47:52 GMT
Last-Modified: Mon, 12 Apr 2021 22:11:31 GMT
Expires: Wed, 20 Dec 2023 16:47:52 GMT
Age: 230184
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: a3eadfb848e00b06509ce5e971463a94
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/18/1603968153514.png?wsSecret=8ce86f0c7d0cc33c171092285414087a&wsTime=1700729054
104.250.33.35 200 OK 7.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/18/1603968153514.png?wsSecret=8ce86f0c7d0cc33c171092285414087a&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 136 x 160, 8-bit colormap, non-interlaced; data
Hash 509b7230478889e18f451b582ae1e1f1
9c54c7ff942daeb72cb0177384c414431744db61
ed77f50ee6311dcdba32ccbb9fd579f3cdea9fc32cdea4585201bc4991e24960
GET /fserver/files/gb/1272/sportTeam/18/1603968153514.png?wsSecret=8ce86f0c7d0cc33c171092285414087a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 7290
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5f9a9c99-1c7a"
Date: Wed, 22 Nov 2023 17:32:30 GMT
Last-Modified: Thu, 29 Oct 2020 10:42:33 GMT
Expires: Fri, 22 Dec 2023 17:32:30 GMT
Age: 54706
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: c91b88006a34a087759cd48c94cb9d01
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596876673983.png?wsSecret=47e9e5e43d46661b3439269367237ec1&wsTime=1700729054
104.250.33.35 200 OK 45 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596876673983.png?wsSecret=47e9e5e43d46661b3439269367237ec1&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1200 x 1215, 8-bit colormap, non-interlaced; data
Hash d4f78c62ee5534abb54ce487e059dc5d
c332e4faffdcb9250201223c00cbdaf3cee500b4
f1fd481825f198a3a5f5c303dbe8323a1566c6f27130063be0b81c3351d76860
GET /fserver/files/gb/1272/sportTeam/49/1596876673983.png?wsSecret=47e9e5e43d46661b3439269367237ec1&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 44669
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "635dc5ad-ae7d"
Date: Mon, 20 Nov 2023 16:47:52 GMT
Last-Modified: Sun, 30 Oct 2022 00:30:37 GMT
Expires: Wed, 20 Dec 2023 16:47:52 GMT
Age: 230184
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: c32ea172651d411ce250e2a0dae826a5
5y7wpn.gaokejd.xyz/fserver/files/gb/1555/sportTeam/50/1665654312303.png?wsSecret=cd72a7ea913a36172ab655e64f0e754e&wsTime=1700729054
103.198.200.1 200 OK 23 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1555/sportTeam/50/1665654312303.png?wsSecret=cd72a7ea913a36172ab655e64f0e754e&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Hash c6e9969a1a4893650501013f38f4b295
b188479ce75700e175f68ec80c8f0d48d7ae055b
43f528704e6900b168aadbe2f637ac78c1ebf033fb2723fd7c5435797ad4d216
GET /fserver/files/gb/1555/sportTeam/50/1665654312303.png?wsSecret=cd72a7ea913a36172ab655e64f0e754e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 22959
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6347de28-59af"
Date: Wed, 22 Nov 2023 17:32:29 GMT
Last-Modified: Thu, 13 Oct 2022 09:45:12 GMT
Expires: Fri, 22 Dec 2023 17:32:29 GMT
Age: 54707
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 11d20b7e088c0567828fc1e0126f1f7e
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en04.png?wsSecret=337e12bcfa520d34bcbcd75faa7c616d&wsTime=1700729054
104.250.33.35 200 OK 9.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en04.png?wsSecret=337e12bcfa520d34bcbcd75faa7c616d&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash e0114cbba5dc0fa0f5e0172547f90d3e
85503a6a0e47a9f73e31a0a49d7fe98cf5c6cd09
9a3a86c7b79b5a9f65eb18b3d582976d6baf3ea6b740e008307efb8b056a487b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en04.png?wsSecret=337e12bcfa520d34bcbcd75faa7c616d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9919
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5beb967e-26bf"
Date: Tue, 14 Nov 2023 04:55:16 GMT
Last-Modified: Wed, 14 Nov 2018 03:29:02 GMT
Expires: Thu, 14 Dec 2023 04:55:16 GMT
Age: 791340
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 89c07cc1c34f506420debffa5c3cd7a9
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1599878166834.png?wsSecret=3e049617eeafa06a42ee5d67a5439fb5&wsTime=1700729054
104.250.33.35 200 OK 115 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1599878166834.png?wsSecret=3e049617eeafa06a42ee5d67a5439fb5&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 2254 x 3000, 8-bit colormap, non-interlaced
Size 115 kB (114693 bytes)
Hash da08a0611d7969e620a8cb738a9fb62e
7c2020422541084613882952f9e7ba5165fae5d9
83c611c5b6222261d0562274c9bbc8e654ab2e49c513e3f5ea644ad499c35474
GET /fserver/files/gb/1272/sportTeam/1/1599878166834.png?wsSecret=3e049617eeafa06a42ee5d67a5439fb5&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 114693
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "6379b409-1c005"
Date: Fri, 17 Nov 2023 16:26:19 GMT
Last-Modified: Sun, 20 Nov 2022 04:58:49 GMT
Expires: Sun, 17 Dec 2023 16:26:19 GMT
Age: 490677
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: eb67e3a6230615978a66534df2a7fda6
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596773325573.png?wsSecret=def625b8bbb455dd08cee73e186944ec&wsTime=1700729054
104.250.33.35 200 OK 95 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/49/1596773325573.png?wsSecret=def625b8bbb455dd08cee73e186944ec&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 1200 x 1683, 8-bit colormap, non-interlaced
Hash 9667fe384375641358e3d784742cd3fd
dc9ff20453eab03693b91defb163233978629688
91291411c3b2c01203eb1670110f9dd54b327af407b1721be67b3122b249accd
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/1272/sportTeam/49/1596773325573.png?wsSecret=def625b8bbb455dd08cee73e186944ec&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 95107
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "635dc5a1-17383"
Date: Wed, 22 Nov 2023 17:23:41 GMT
Last-Modified: Sun, 30 Oct 2022 00:30:25 GMT
Expires: Fri, 22 Dec 2023 17:23:41 GMT
Age: 55235
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: 4ef994545d8c5de4928bba25c279f57e
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en01.png?wsSecret=4c797e7f9bc33ca94ff33eb4b9d3035a&wsTime=1700729054
103.198.200.1 200 OK 49 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en01.png?wsSecret=4c797e7f9bc33ca94ff33eb4b9d3035a&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash 5a0baa832720b327108f1551c3aad4a3
c7d0884bd10bf922986c98130a626d8ab9ce2747
10053ceb0259013248700786e1ead18a0d0bb947b5f83697232fc0833c0b3de1
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en01.png?wsSecret=4c797e7f9bc33ca94ff33eb4b9d3035a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 49300
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5beb963c-c094"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Wed, 14 Nov 2018 03:27:56 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 680364ba860529213906e3c5c6579bb9
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en18.png?wsSecret=598df4ba30d1f5b9500b0ba5f321e9db&wsTime=1700729054
104.250.33.35 200 OK 3.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en18.png?wsSecret=598df4ba30d1f5b9500b0ba5f321e9db&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 68607525a6a5940991ccd7bc9b98378f
0a1ae72e754180412b17d26ed70a5e9ff3a92110
82b3220756a2637c526467b98faeb1fc60a1b007e4d9f1499a3f03406f121165
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en18.png?wsSecret=598df4ba30d1f5b9500b0ba5f321e9db&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3044
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5bebb58c-be4"
Date: Fri, 17 Nov 2023 16:26:19 GMT
Last-Modified: Wed, 14 Nov 2018 05:41:32 GMT
Expires: Sun, 17 Dec 2023 16:26:19 GMT
Age: 490677
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 88d259593c3595545454a6681e3867a0
5y7wpn.gaokejd.xyz/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png?wsSecret=325078768239958419ff80fd3b51469d&wsTime=1700729054
104.250.33.35 200 OK 9.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/0/siteGameNavigation/0/1663921259266.png?wsSecret=325078768239958419ff80fd3b51469d&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash bde2ef956bc333150f06f11a82e09aad
6a45da232d31fcb04c53ea9a57221c08fd176d08
c7bfe52050bcafc68a7b080e141cf5826761b67bc40fb89825b645eff5e8b3df
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/0/siteGameNavigation/0/1663921259266.png?wsSecret=325078768239958419ff80fd3b51469d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9903
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "632d6c6b-26af"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Fri, 23 Sep 2022 08:20:59 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: f4cdb8d3657ae754a6610d6539ef6cab
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en08.png?wsSecret=42a5b53b7a10ebd8c001df0bace4817d&wsTime=1700729054
103.198.200.1 200 OK 10 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/en08.png?wsSecret=42a5b53b7a10ebd8c001df0bace4817d&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash f7b87ad1eaf860433f02fe9c1dbddea1
14aae2c75826d8225619fd8bbd91b4a1d2b96863
fbc843585a69f930d7efa0421832d1939cf45c73459ad5efad225e5041fcf63c
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/en08.png?wsSecret=42a5b53b7a10ebd8c001df0bace4817d&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 10483
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5beb9c48-28f3"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Wed, 14 Nov 2018 03:53:44 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: 77c4e7bf8346b2fb0dee038b927af95f
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es12.png?wsSecret=2b93c0e34433876aee180d66800fd520&wsTime=1700729054
104.250.33.35 200 OK 8.2 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es12.png?wsSecret=2b93c0e34433876aee180d66800fd520&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 7061c07a981e10b9e6c9c4bb345c5a42
f626c71322907a89b520e4fd432028ae9c2c16f7
b880fe92f0a2832c0f6d49eb558d6347dfe1d323cd77db796b21dab2216d8233
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/es12.png?wsSecret=2b93c0e34433876aee180d66800fd520&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8169
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5bed35d0-1fe9"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Thu, 15 Nov 2018 09:01:04 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-06
X-Cdn-Request-ID: 58fc8277f763f853be110d930f27ade2
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es07.png?wsSecret=a1abd355182c351e33004df65cc74960&wsTime=1700729054
104.250.33.35 200 OK 6.3 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/es07.png?wsSecret=a1abd355182c351e33004df65cc74960&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 0a5a822dd1a0e3dd352aa9f54390828a
630f04c1b8780645ec2e66e207e0591edbed4edc
18a8b3c7797fb4833a3348d600ee20868411dbd9b176df679a0cb22788c2992a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/es07.png?wsSecret=a1abd355182c351e33004df65cc74960&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6327
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "5bed35ca-18b7"
Date: Tue, 14 Nov 2023 04:55:15 GMT
Last-Modified: Thu, 15 Nov 2018 09:00:58 GMT
Expires: Thu, 14 Dec 2023 04:55:15 GMT
Age: 791342
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: b4e623d7bcd353dd1c404b098283a268
5y7wpn.gaokejd.xyz/fserver/files/gb/627/sportTeam/91/1700068798763.png?wsSecret=06dfebd768a48526642725c89b1e0bf1&wsTime=1700729054
103.198.200.1 200 OK 13 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/sportTeam/91/1700068798763.png?wsSecret=06dfebd768a48526642725c89b1e0bf1&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Hash 51ff7c9285d34d2cc2017208df3c5f44
7101461dbf1b468ec7474389c382bc21fe833f25
e5e8305b75588075dccf3a8e907dccc897bbd831f0984635b44a32eab3e30c0a
GET /fserver/files/gb/627/sportTeam/91/1700068798763.png?wsSecret=06dfebd768a48526642725c89b1e0bf1&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 12994
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "6554fdbe-32c2"
Date: Wed, 15 Nov 2023 17:20:45 GMT
Last-Modified: Wed, 15 Nov 2023 17:19:58 GMT
Expires: Fri, 15 Dec 2023 17:20:45 GMT
Age: 660212
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-17
X-Cdn-Request-ID: 3ca1560b8813894816d8c4ebfc0c306a
5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/3/1660349131065.png?wsSecret=fbb38cbbc87cbe7b3124cd9f47b7f08f&wsTime=1700729054
104.250.33.35 200 OK 4.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/3/1660349131065.png?wsSecret=fbb38cbbc87cbe7b3124cd9f47b7f08f&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
Hash 98341f317ca14a012fd2f8c8dbab1e56
11da0758bd6e7893d81bb665f0334832ba983aef
d899880da7811ae5b8d07f6f1d7eb1e93d9da3c4a1197a7a918491a2e71d835b
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/1106/sportTeam/3/1660349131065.png?wsSecret=fbb38cbbc87cbe7b3124cd9f47b7f08f&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4881
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "62f6eacb-1311"
Date: Wed, 15 Nov 2023 17:13:42 GMT
Last-Modified: Sat, 13 Aug 2022 00:05:31 GMT
Expires: Fri, 15 Dec 2023 17:13:42 GMT
Age: 660635
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-03-07
X-Cdn-Request-ID: a3e09bf73592125749efaff56965086c
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/18/1603181565361.png?wsSecret=da24c6f76e920967abe22c4347625b19&wsTime=1700729054
104.250.33.35 200 OK 9.4 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/18/1603181565361.png?wsSecret=da24c6f76e920967abe22c4347625b19&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 151 x 151, 8-bit colormap, non-interlaced
Hash 2fb4dd0419afd169e19a1eba1cca2099
03fb512b46794451e92a6612d9dd672c67559653
e5a51fd1dc52a263298a83eca300d1cbff1bb3d3266827a3c827cc4cfd121f0a
GET /fserver/files/gb/1272/sportTeam/18/1603181565361.png?wsSecret=da24c6f76e920967abe22c4347625b19&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 9365
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5f8e9bfd-2495"
Date: Wed, 22 Nov 2023 17:16:12 GMT
Last-Modified: Tue, 20 Oct 2020 08:12:45 GMT
Expires: Fri, 22 Dec 2023 17:16:12 GMT
Age: 55685
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: 60d7c387e63ab7f106af5286c5b1290c
5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1609832470314.png?wsSecret=a26f7f7ab299eb615714a4a2a34c50de&wsTime=1700729054
104.250.33.35 200 OK 38 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1272/sportTeam/1/1609832470314.png?wsSecret=a26f7f7ab299eb615714a4a2a34c50de&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced
Hash 9407a5bd8b88c6b425bead4ff88eaee8
ddc5ad54dec603258f579f4c6824817cecc258d7
9804dbb56223e223577371c9e50a2b52c8621473b846350692b32221f26852e0
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/1272/sportTeam/1/1609832470314.png?wsSecret=a26f7f7ab299eb615714a4a2a34c50de&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 38126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5ff41816-94ee"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Tue, 05 Jan 2021 07:41:10 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: b70dad59faf3e36b736445f01b6b55e2
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr03.png?wsSecret=73199e4463ab50752c752b41fa2e411a&wsTime=1700729054
104.250.33.35 200 OK 4.6 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr03.png?wsSecret=73199e4463ab50752c752b41fa2e411a&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash 09aa5c84ff28d137159577e1a7e30015
708dce5c55ff46c9e223ef729f1a3fe60b7216f2
1c41bffff1f4c67df313b96c9ae654cf645f94d862efaa3f1dab8b282793b3dd
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/sportTeam/football/fr03.png?wsSecret=73199e4463ab50752c752b41fa2e411a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4550
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5bed3720-11c6"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Thu, 15 Nov 2018 09:06:40 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791344
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cdn-Request-ID: 5a7ada855896443e6aa1c3eff50027a5
5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/49/1697912534812.png?wsSecret=fe2aa3f1b4b8b7511de8d4faf313d4b4&wsTime=1700729054
103.198.200.1 200 OK 6.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/49/1697912534812.png?wsSecret=fe2aa3f1b4b8b7511de8d4faf313d4b4&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Hash 09b26642a398637f8b500eba1f93e886
c3fd1ecd1ff2d71135cdfd671a90e4a4dfb044bc
60b2471ea8ec7482a2fe2eac1484d39df81f71a517141f96c7e43fa60771615d
GET /fserver/files/gb/1106/sportTeam/49/1697912534812.png?wsSecret=fe2aa3f1b4b8b7511de8d4faf313d4b4&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6046
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "653416d6-179e"
Date: Wed, 22 Nov 2023 17:16:11 GMT
Last-Modified: Sat, 21 Oct 2023 18:22:14 GMT
Expires: Fri, 22 Dec 2023 17:16:11 GMT
Age: 55686
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-18
X-Cdn-Request-ID: 53247ebc9c38e114149132c92234bc73
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr17.png?wsSecret=df7c11375afd8e83926e890fc6f37dc7&wsTime=1700729054
103.198.200.1 200 OK 28 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/fr17.png?wsSecret=df7c11375afd8e83926e890fc6f37dc7&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash 2f761d1da3f6af908d555669f61c02ec
5279c7d0a45a971cbda27e6d316233511b811dc4
2bac9d2fae63619db11602562a291d00bb204a61a0bc63139fd8679d20b51c59
GET /fserver/files/sportTeam/football/fr17.png?wsSecret=df7c11375afd8e83926e890fc6f37dc7&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 27453
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5bed3720-6b3d"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Thu, 15 Nov 2018 09:06:40 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-13
X-Cdn-Request-ID: 02d7790035a83a8c8b5520e9006d44e6
5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/49/1614016003184.png?wsSecret=8c5fc62adf2998639494f911789000c4&wsTime=1700729054
104.250.33.35 200 OK 36 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1106/sportTeam/49/1614016003184.png?wsSecret=8c5fc62adf2998639494f911789000c4&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 336 x 229, 8-bit/color RGB, non-interlaced
Hash 655cfdb3a75c04f426aa2e90d832fbfa
75c83af733e56fda74effa4517f6a1a6198d0134
f4dbe8c209ec66ddd43f31300f379b4a4b8bb204b3f906058cb78f46f4a4e1da
GET /fserver/files/gb/1106/sportTeam/49/1614016003184.png?wsSecret=8c5fc62adf2998639494f911789000c4&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 36529
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6033ee03-8eb1"
Date: Mon, 20 Nov 2023 16:18:47 GMT
Last-Modified: Mon, 22 Feb 2021 17:46:43 GMT
Expires: Wed, 20 Dec 2023 16:18:47 GMT
Age: 231930
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: a17ccafb498c513434f6f30c9091f8b6
5y7wpn.gaokejd.xyz/fserver/files/gb/1377/sportTeam/49/1598439579092.png?wsSecret=c5f78c63213fd5bff04fa91bc931e4dc&wsTime=1700729054
104.250.33.35 200 OK 9.0 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/1377/sportTeam/49/1598439579092.png?wsSecret=c5f78c63213fd5bff04fa91bc931e4dc&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Hash a8b47580a8e98fd3e974737d1e26f997
0267cf4eb05e37c1ddb0518f2be176d9b745d75b
f4b91ddb0ee007c8812318cddf7b363a31aa974df11bb96fa15ff9ca33a0aa60
GET /fserver/files/gb/1377/sportTeam/49/1598439579092.png?wsSecret=c5f78c63213fd5bff04fa91bc931e4dc&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8999
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5f462f9d-2327"
Date: Mon, 20 Nov 2023 16:18:58 GMT
Last-Modified: Wed, 26 Aug 2020 09:47:09 GMT
Expires: Wed, 20 Dec 2023 16:18:58 GMT
Age: 231919
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: 363d5bcca027c7fb288f8fe98c9d7643
5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/214/1679585540504.png?wsSecret=e76af7a8fd60695a1c391491a943fee0&wsTime=1700729054
104.250.33.35 200 OK 79 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/214/1679585540504.png?wsSecret=e76af7a8fd60695a1c391491a943fee0&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 231 x 264, 8-bit/color RGBA, non-interlaced
Hash 46460929e399113acb305aba30af23a7
b3c30801205fb2d5355160321680f61c4cda19fd
c336fa146bfe93a451911ae33196e76fb8dca24180111adba7dfa50b6e4d389a
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/floatImage/214/1679585540504.png?wsSecret=e76af7a8fd60695a1c391491a943fee0&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 79341
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "641c7104-135ed"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Thu, 23 Mar 2023 15:32:20 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791344
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-13
X-Cdn-Request-ID: dee610c469ba25b3e378ba4dc3eae429
5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/214/1679585540899.png?wsSecret=09658359fdfe011ab0bb21ba685030cd&wsTime=1700729054
104.250.33.35 200 OK 78 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/214/1679585540899.png?wsSecret=09658359fdfe011ab0bb21ba685030cd&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 231 x 264, 8-bit/color RGBA, non-interlaced
Hash f58aed9a2fc610b4a11b1a58f80dcd35
6c408b739f82e671b022834e0053578ae9256fb6
02804433c3d47717ee936052cfb2b4b71111ee1b61830fcfba4b1ee3d41c4b02
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/floatImage/214/1679585540899.png?wsSecret=09658359fdfe011ab0bb21ba685030cd&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 77817
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "641c7104-12ff9"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Thu, 23 Mar 2023 15:32:20 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791345
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-03-14
X-Cdn-Request-ID: 8ae49af29d599f60fbee8dcc4183f0a5
5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-casino.jpg?wsSecret=8913f804b060e60b81bb46ab3dd1ff92&wsTime=1700729054
104.250.33.35 200 OK 12 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-casino.jpg?wsSecret=8913f804b060e60b81bb46ab3dd1ff92&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 271x81, components 3
Hash 62f912bb32aecad4ab710243a04a4ba9
f8a22eaaf6dc17329932db9c19484907332ea800
ecc11913678af89246c957fae2eaf6cbb07316f7ad24bdcc3e2b115293e46f60
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/images/index-casino.jpg?wsSecret=8913f804b060e60b81bb46ab3dd1ff92&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11660
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "5d2c7603-2d8c"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-03-12
X-Cdn-Request-ID: a2f8fab022c9eaafa34f10e8d9982abb
5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-chess.jpg?wsSecret=233826ea9191a33be0c4d13c9e8fc675&wsTime=1700729054
104.250.33.35 14 kB URL GET 5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-chess.jpg?wsSecret=233826ea9191a33be0c4d13c9e8fc675&wsTime=1700729054
IP 104.250.33.35:0
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3
Hash e1940d5fdc029f1696c2178dddb10325
41f0ead6f18af44a92fe95e38e0432298612501c
0f62592e80088981c67c0a3c17eca2a92ef9281532328e1dfe8c310ab30b67b2
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/images/index-chess.jpg?wsSecret=233826ea9191a33be0c4d13c9e8fc675&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 14191
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d2c7603-376f"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791343
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-03-05
X-Cdn-Request-ID: 14c32b3ec79fa01779d2be30e471e5c9
5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/222/1699200149092.gif?wsSecret=7eb339e4e04ee5b484193c32377af707&wsTime=1700729054
103.198.200.1 200 OK 73 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/222/1699200149092.gif?wsSecret=7eb339e4e04ee5b484193c32377af707&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 150 x 514
Hash 67c96c5737bdb96ba1a99050cfd19a6c
ec106127d7dc7dfeb85f6f3598696ebe401e7db8
5e3230a540927735a1575b72dc7283d2702207e93c9baf40f1ad07e5281d0e56
GET /fserver/files/gb/627/floatImage/222/1699200149092.gif?wsSecret=7eb339e4e04ee5b484193c32377af707&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 73027
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6547bc95-11d43"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Sun, 05 Nov 2023 16:02:29 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791344
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: be26bede0952ff14867517d9e681e505
5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-game.jpg?wsSecret=32ba8c300016632b76ea4b124217d4f8&wsTime=1700729054
104.250.33.35 12 kB URL GET 5y7wpn.gaokejd.xyz/ftl/bet365-627/images/index-game.jpg?wsSecret=32ba8c300016632b76ea4b124217d4f8&wsTime=1700729054
IP 104.250.33.35:0
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 271x81, components 3
Hash 6274335f5e37fb7e3aa19dba05a07ef3
d54c0b0cccf2158aee56d7f1f465d5bb907edf06
39d9bd9e19956bb52c4c880dc6987383c34dc0873aadaa6b3763e3421e06def7
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/bet365-627/images/index-game.jpg?wsSecret=32ba8c300016632b76ea4b124217d4f8&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11478
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-2cd6"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791344
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-03-11
X-Cdn-Request-ID: db211395daf6b7b39a4f3632432c5ed1
5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/223/1673921769160.gif?wsSecret=a9363c267292931236a4443845ff896e&wsTime=1700729054
103.198.200.1 200 OK 511 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/gb/627/floatImage/223/1673921769160.gif?wsSecret=a9363c267292931236a4443845ff896e&wsTime=1700729054
IP 103.198.200.1:443
ASN #138915 Kaopu Cloud HK Limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type GIF image data, version 89a, 140 x 370
Size 511 kB (511147 bytes)
Hash bc9c51ed2062f071859af12e13f296a6
c76c66e33c784d7b32c8644c04201577fe8fd27d
3f423d8ff12c87020729e4d76dbc804ae7a2be7923e8cc89b0091984b6bf4544
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /fserver/files/gb/627/floatImage/223/1673921769160.gif?wsSecret=a9363c267292931236a4443845ff896e&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 511147
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "63c604e9-7ccab"
Date: Tue, 14 Nov 2023 04:55:13 GMT
Last-Modified: Tue, 17 Jan 2023 02:16:09 GMT
Expires: Thu, 14 Dec 2023 04:55:13 GMT
Age: 791344
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-19
X-Cdn-Request-ID: f2ddfee3bb5b6167b313ebb098527b9a
5y7wpn.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_627.png?wsSecret=f5b6822efbb43bf23ec1b1359f8ab59a&wsTime=1700729054
104.250.33.35 200 OK 4.7 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_627.png?wsSecret=f5b6822efbb43bf23ec1b1359f8ab59a&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Hash 834417d344a1bd995c78df66fe45edbd
79a5cd12dc1bf06043f38349e6dd492e58144a01
736b8041b08f7ec7a5f5a8e8d4d857dc58f1f03d4e2b6f738a2f1c9ae3892bbb
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/commonPage/images/favicon/favicon_627.png?wsSecret=f5b6822efbb43bf23ec1b1359f8ab59a&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "6311d300-1260"
Date: Tue, 14 Nov 2023 04:59:02 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Thu, 14 Dec 2023 04:59:02 GMT
Age: 791116
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg03:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 3dd8d4c56ebed2dd5d096c0c6dfb886f
d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
20.239.17.84 24 kB URL GET d.313vip37.xyz:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
IP 20.239.17.84:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Let's Encrypt
Subject d.313vip37.xyz
Fingerprint 0C:CD:2A:92:60:DE:79:4F:60:49:33:D2:82:9F:3D:C6:6B:A2:F5:F9
Validity Sun, 19 Nov 2023 03:06:25 GMT - Sat, 17 Feb 2024 03:06:24 GMT
File type PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Hash d7c26fb9503ab2caf040730495a59f32
06f8414b2709fac132dd2b3071843a86ab745b51
8d437af3cea1d4efc2bf19c763c17c3487f9a76db3a287a975a18f90dffea630
Analyzer Verdict Alert urlquery phishing Phishing - Bet365
GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png HTTP/1.1
Host: d.313vip37.xyz:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Length: 23806
Content-Type: image/png
Date: Thu, 23 Nov 2023 08:44:12 GMT
Etag: "613c72bd-5cfe"
Expires: Fri, 24 Nov 2023 08:44:12 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
Out-Line: gb-cdn-802
Uuid: -
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 444 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
File type XML 1.0 document text; XML document, ASCII text, with very long lines (4527), with no line terminators; ASCII text, with very long lines (332)
Hash 3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: 17856
rule-data-version: 3
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-12-29-19-51-25.chain; p384ecdsa=FO5w5DyAxJIpOHov21Vc3Z75hplHu7MomKmL3RW5c7UZb2KYbvI3po-JP8u9_KheeJFWyXRcfHT9E17R3igORF4vU2_cB1lamOJPI6vIyM24aKq_zp2AwIhj2wgKpABu
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Thu, 23 Nov 2023 08:41:59 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 148
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
62.115.252.115 512 kB URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP 62.115.252.115:0
ASN #1299 Telia Company AB
File type Zip archive data, at least v2.0 to extract, compression method=deflate
Size 512 kB (511815 bytes)
Hash 152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48
GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1
Cache-Control: public, max-age=126353
Expires: Fri, 24 Nov 2023 19:50:20 GMT
Date: Thu, 23 Nov 2023 08:44:27 GMT
Connection: keep-alive
vue.livehelp100service.com/visitorside/js/Button.1cda5041.js
143.204.55.90 200 OK 4.0 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/Button.1cda5041.js
IP 143.204.55.90:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 77:2D:5A:72:73:6B:79:7B:5B:7B:23:F0:4F:18:3B:D1:07:EF:47:E1
Validity Mon, 30 Oct 2023 00:00:00 GMT - Thu, 28 Nov 2024 23:59:59 GMT
File type ASCII text, with very long lines (9562)
Hash 468b2dbcaf39d2481fe67f0466308d45
c160db49c2e6766907c2a6fc60c70e5f7c9c1f48
c9281b476a44a8995e3bca961c3baa6cf5e6fe10bf8167c4ceba703780523ebd
GET /visitorside/js/Button.1cda5041.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://vue.livehelp100service.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 23 Nov 2023 07:04:43 GMT
server: nginx/1.22.1
last-modified: Tue, 14 Nov 2023 03:13:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"6552e5de-25cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3uqDmKNgsauozfiR59TipSrUuZhPPxdln9bJdPV9F0OMXrs3eIoxeg==
age: 5972
X-Firefox-Spdy: h2
2949yj.33465aaabb.com/campaign.ashx?siteId=5001690&campaignId=dd000000-0000-0000-0000-008e004c51da&lastUpdateTime=000000000C0CED8B
99.83.207.187 200 OK 8.9 kB URL GET HTTP/2 2949yj.33465aaabb.com/campaign.ashx?siteId=5001690&campaignId=dd000000-0000-0000-0000-008e004c51da&lastUpdateTime=000000000C0CED8B
IP 99.83.207.187:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
File type troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (7599), with no line terminators
Hash e71b8abc2c511cc04a7b010db4991d9d
13c7a74cd124ab19b80776cc6c443ae142027231
d8c45bfd3fb15a82aa09030b6f6a5dbe19a7dac1f744e7030f13ea53d5d2d982
GET /campaign.ashx?siteId=5001690&campaignId=dd000000-0000-0000-0000-008e004c51da&lastUpdateTime=000000000C0CED8B HTTP/1.1
Host: 2949yj.33465aaabb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Nov 2023 08:44:15 GMT
content-type: text/json
server: nginx
access-control-allow-origin: *
cache-control: max-age=31536000
arrserver: chatserver1
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2
vue.livehelp100service.com/livechat.ashx?siteId=5001690
143.204.55.90 200 OK 1.9 kB URL GET HTTP/2 vue.livehelp100service.com/livechat.ashx?siteId=5001690
IP 143.204.55.90:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 77:2D:5A:72:73:6B:79:7B:5B:7B:23:F0:4F:18:3B:D1:07:EF:47:E1
Validity Mon, 30 Oct 2023 00:00:00 GMT - Thu, 28 Nov 2024 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (2050), with no line terminators
Hash d73ddb8a294c959514970f8b39e59807
b9e159756f9e5d4bec2c6dbb3de9a25913af6361
222295c97fcb2ca0c55e43a18caee957bab94ddfe45c227fbbfd882d48b20533
GET /livechat.ashx?siteId=5001690 HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
date: Thu, 23 Nov 2023 07:05:14 GMT
server: Kestrel
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YFB0BbT6dB4Hgda_sYPmIbtxVaQaBXUlRX3XRPTz5vumedDY1slP7g==
age: 5938
X-Firefox-Spdy: h2
5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it08.png?wsSecret=b5a870fb0fad1a1fd16b8479ec8eccaa&wsTime=1700729054
104.250.33.35 200 OK 3.9 kB URL GET HTTP/1.1 5y7wpn.gaokejd.xyz/fserver/files/sportTeam/football/it08.png?wsSecret=b5a870fb0fad1a1fd16b8479ec8eccaa&wsTime=1700729054
IP 104.250.33.35:443
ASN #137280 Kingsoft cloud corporation limited
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Sectigo Limited
Subject *.gaokejd.xyz
Fingerprint BF:3B:B1:34:33:54:2B:51:01:C2:15:B8:63:A1:ED:18:22:95:04:03
Validity Tue, 29 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type PNG image data, 150 x 150, 8-bit colormap, non-interlaced; data
Hash (MD5) 3b1595192d34ac2e30e64165ab4ef54a
Hash (SHA1) 60938b7ba1de0854e7611416741536d6c51c0270
Hash (SHA256) 966bcca54c3e000d63390b3dd05d76e7d75979dd750f721cda95190566226d67
Analyzer urlquery  Verdict phishing  Alert Phishing - Bet365
GET /fserver/files/sportTeam/football/it08.png?wsSecret=b5a870fb0fad1a1fd16b8479ec8eccaa&wsTime=1700729054 HTTP/1.1
Host: 5y7wpn.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3940
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5bed34c0-f64"
Date: Tue, 14 Nov 2023 04:55:14 GMT
Last-Modified: Thu, 15 Nov 2018 08:56:32 GMT
Expires: Thu, 14 Dec 2023 04:55:14 GMT
Age: 791341
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-03-03
X-Cdn-Request-ID: 994a413ccb74c16a07d3261c80ef2bb8
vue.livehelp100service.com/visitorside/js/bundle.2efe1271.js
143.204.55.90 200 OK 542 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/bundle.2efe1271.js
IP 143.204.55.90:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 77:2D:5A:72:73:6B:79:7B:5B:7B:23:F0:4F:18:3B:D1:07:EF:47:E1
Validity Mon, 30 Oct 2023 00:00:00 GMT - Thu, 28 Nov 2024 23:59:59 GMT
Size 542 kB (541868 bytes)
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA1 and SHA256 of zero-length input, so the 542 kB body was not captured; the digests cannot be used to pivot on this script.)
GET /visitorside/js/bundle.2efe1271.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 23 Nov 2023 07:04:24 GMT
server: nginx/1.22.1
last-modified: Tue, 14 Nov 2023 03:13:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"6552e5de-844ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6pPDart40eES6LClE9iaYTApl8JgVXq2zeF-p17bS0ORKTDicJuGyQ==
age: 5988
X-Firefox-Spdy: h2
2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
99.83.207.187 200 OK 1.3 kB URL POST HTTP/2 2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
IP 99.83.207.187:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1405), with no line terminators
Hash (MD5) 6d011d0a0cda38c41f63b5efc2a4a255
Hash (SHA1) aa415aae6f7dc9dc30f949bc1787460ac600121f
Hash (SHA256) 2766a03b0d73e83b70ea1d98e54fba53275825e827ae0ad4796ca3c7ef683857
POST /visitor.ashx?siteId=5001690 HTTP/1.1
Host: 2949yj.33465aaabb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 69
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Nov 2023 08:44:14 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://d.313vip37.xyz:8989
arrserver: chatserver1
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2
2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
99.83.207.187 200 OK 1.4 kB URL POST HTTP/2 2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
IP 99.83.207.187:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
Validity Fri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (1523), with no line terminators
Hash (MD5) fcfc91eb8e6d04639df0ac449abd406b
Hash (SHA1) f032cf6b3ba44b45eecdec2bb561efc56c29b21f
Hash (SHA256) cf35c73d03045a1b560228774d448dbb10ce7533df4c557a1de23d55470fa400
POST /visitor.ashx?siteId=5001690 HTTP/1.1
Host: 2949yj.33465aaabb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1343
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Nov 2023 08:44:15 GMT
content-type: text/json
server: nginx
access-control-allow-credentials: true
access-control-allow-origin: https://d.313vip37.xyz:8989
set-cookie: visitorGuid_5001690=9cdc77a2-048b-49d4-a1fc-a473de735be4; expires=Wed, 26 Mar 3023 08:44:15 GMT; path=/; secure; samesite=none
arrserver: chatserver1
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
X-Firefox-Spdy: h2
vue.livehelp100service.com/visitorside/js/vendor.459da97c.js
143.204.55.90 200 OK 74 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/vendor.459da97c.js
IP 143.204.55.90:443
Requested by https://d.313vip37.xyz:8989/
Certificate Issuer Amazon
Subject *.livehelp100service.com
Fingerprint 77:2D:5A:72:73:6B:79:7B:5B:7B:23:F0:4F:18:3B:D1:07:EF:47:E1
Validity Mon, 30 Oct 2023 00:00:00 GMT - Thu, 28 Nov 2024 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Again the digests of zero-length input: the 74 kB body of this script was not captured either.)
GET /visitorside/js/vendor.459da97c.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://d.313vip37.xyz:8989
DNT: 1
Connection: keep-alive
Referer: https://d.313vip37.xyz:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 23 Nov 2023 07:04:17 GMT
server: nginx/1.22.1
last-modified: Tue, 14 Nov 2023 03:13:34 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"6552e5de-120cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uIprIuSEc-Suaed0tmGGZdl0NX_9lEikAXYyLDcO4vCXvMK1ldTsXQ==
age: 5995
X-Firefox-Spdy: h2
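The records above all follow one flattened layout, and two of them (the bundle and vendor scripts) report a non-zero size beside digests of zero-length input. The Python below is an added triage helper, not part of the urlquery report or of any tool named on this page: it parses that layout and flags the things an analyst should double-check before acting on a record (uncaptured bodies, credentialed CORS, cookie attributes, the non-standard text/json media type, cross-site third-party loads). The two embedded records are constructed from lines on this page and trimmed to the headers the checks need.

```python
"""Triage helper for urlquery-style transaction records (added example).

Record layout: URL line; a line fusing server IP with HTTP status; optional
'Size ... (N bytes)'; MD5/SHA1/SHA256 on three lines; request headers;
response headers.  triage() lists what to double-check before pivoting.
"""
import hashlib
import re

# Digests of zero-length input.  All three beside a non-zero size means the
# scanner reported a body it never captured.
EMPTY_DIGESTS = {h(b"").hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}

STATUS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(\d{3}) ")  # "143.204.55.90200 OK ..."
SIZE_RE = re.compile(r"^Size .*?\((\d+) bytes\)")
HEX_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
REQ_RE = re.compile(r"^(?:GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/")
RESP_RE = re.compile(r"^HTTP/\S+ \d{3}")


def parse_record(text):
    """Parse one record into a dict; header names lower-cased, values listed."""
    rec = {"url": None, "ip": None, "status": None, "size": None,
           "hashes": [], "req": {}, "resp": {}}
    section = None
    for line in (l.strip() for l in text.strip().splitlines()):
        if not line:
            continue
        if rec["url"] is None:
            rec["url"] = line
        elif m := STATUS_RE.match(line):
            rec["ip"], rec["status"] = m.group(1), int(m.group(2))
        elif m := SIZE_RE.match(line):
            rec["size"] = int(m.group(1))
        elif HEX_RE.match(tok := line.split()[-1]) and (tok == line or line.startswith("Hash")):
            rec["hashes"].append(tok)
        elif REQ_RE.match(line):
            section = "req"
        elif RESP_RE.match(line):
            section = "resp"
        elif section and ": " in line:
            name, _, value = line.partition(": ")
            rec[section].setdefault(name.lower(), []).append(value)
    return rec


def triage(rec):
    """Return human-readable findings for one parsed record."""
    findings = []
    if rec["hashes"] and set(rec["hashes"]) <= EMPTY_DIGESTS and (rec["size"] or rec["status"] == 200):
        findings.append("empty-body digests: the body was not captured, do not pivot on these hashes")
    origin = rec["req"].get("origin", [None])[0]
    acao = rec["resp"].get("access-control-allow-origin", [None])[0]
    creds = rec["resp"].get("access-control-allow-credentials", [""])[0].lower() == "true"
    if creds and acao == "*":
        findings.append("credentialed CORS with wildcard origin: browsers reject it for credentialed requests")
    elif creds and acao and acao == origin:
        findings.append("credentialed CORS reflects request origin %s" % origin)
    for cookie in rec["resp"].get("set-cookie", []):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "samesite=none" in attrs and "secure" not in attrs:
            findings.append("SameSite=None cookie without Secure: browsers drop it")
    ctype = rec["resp"].get("content-type", [""])[0].split(";")[0].strip().lower()
    if ctype == "text/json":
        findings.append("non-standard media type text/json (application/json expected)")
    if rec["req"].get("sec-fetch-site", [""])[0] == "cross-site":
        findings.append("third-party load: %s" % rec["url"].split("/")[0])
    return findings


# Constructed samples, trimmed from the records on this page.
BUNDLE = """\
vue.livehelp100service.com/visitorside/js/bundle.2efe1271.js
143.204.55.90200 OK 542 kB URL GET HTTP/2 vue.livehelp100service.com/visitorside/js/bundle.2efe1271.js
IP 143.204.55.90:443
Size 542 kB (541868 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /visitorside/js/bundle.2efe1271.js HTTP/1.1
Host: vue.livehelp100service.com
Origin: https://d.313vip37.xyz:8989
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
"""

VISITOR = """\
2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
99.83.207.187200 OK 1.4 kB URL POST HTTP/2 2949yj.33465aaabb.com/visitor.ashx?siteId=5001690
Hash fcfc91eb8e6d04639df0ac449abd406b
f032cf6b3ba44b45eecdec2bb561efc56c29b21f
cf35c73d03045a1b560228774d448dbb10ce7533df4c557a1de23d55470fa400
POST /visitor.ashx?siteId=5001690 HTTP/1.1
Host: 2949yj.33465aaabb.com
Origin: https://d.313vip37.xyz:8989
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/json
access-control-allow-credentials: true
access-control-allow-origin: https://d.313vip37.xyz:8989
set-cookie: visitorGuid_5001690=9cdc77a2-048b-49d4-a1fc-a473de735be4; expires=Wed, 26 Mar 3023 08:44:15 GMT; path=/; secure; samesite=none
"""

if __name__ == "__main__":
    for sample in (BUNDLE, VISITOR):
        rec = parse_record(sample)
        print(rec["url"])
        for finding in triage(rec):
            print("  -", finding)
```

The hash check deliberately requires all three digests to be the empty-input values: a single match would be a coincidence worth a second look, but the triplet together is the scanner's signature for "no body". The CORS branch only reports credentialed responses, since a wildcard origin on an uncredentialed script or image fetch (as on the bundle, vendor and PNG records) is unremarkable.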