588365.bet Open in urlscan Pro
154.23.184.215 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://588365.bet/
Effective URL:
https://588365.bet:8989/
Submission: On December 17 via api (December 17th 2023, 10:37:08 am UTC) from US — Scanned from US

Summary HTTP 30 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 30 HTTP transactions. The main IP is 154.23.184.215, located in United States and belongs to HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK. The main domain is 588365.bet.
TLS certificate: Issued by R3 on November 18th 2023. Valid for: 3 months.

This is the only time 588365.bet was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bet365 (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
11	154.23.184.215 154.23.184.215	140227 (HKCICL-AS...) (HKCICL-AS-AP Hong Kong Communications International Co.)
2	104.250.33.35 104.250.33.35	() ()
2	2409:8c44:b00... 2409:8c44:b00:206::6	() ()
30	4

11 154.23.184.215 (United States)

ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK)

588365.bet	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.250.33.35 (None, )

ASN- ()

0btgia.eveday.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2409:8c44:b00:206::6 (None, )

ASN- ()

0btgia.eveday.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	588365.bet 588365.bet	541 KB
4	eveday.me 0btgia.eveday.me Failed	11 KB
30	2

	Domain	Requested by
11	588365.bet	588365.bet
4	0btgia.eveday.me	588365.bet
30	2

This site contains links to these domains. Also see Links.

Domain
get.adobe.com

Subject Issuer	Validity	Valid
588365.bet R3	`2023-11-18` - `2024-02-16`	3 months	crt.sh
*.eveday.me Sectigo RSA Domain Validation Secure Server CA	`2023-02-10` - `2024-02-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://588365.bet:8989/
Frame ID: 2D62F0DF9C6323E00C8C9A034BA014D7
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

欢迎光临

Page URL History Show full URLs

http://588365.bet/ Page URL
https://588365.bet:8989/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

30
Requests

47 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

552 kB
Transfer

1114 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://get.adobe.com/cn/flashplayer/
Title: 开启或下载安装Adobe Flash Player

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://588365.bet/ Page URL
https://588365.bet:8989/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
588365.bet/ 82 B
411 B 789ms
229ms Document
text/html 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

http://588365.bet/

Protocol

HTTP/1.1

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

09c2f16084e4fd69e78de32748afa846a9fa2763a4e5e0729f6698ea7857bf5c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sun, 17 Dec 2023 10:37:03 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK Primary Request / Show response
588365.bet/ 390 KB
71 KB 963ms
488ms Document
text/html 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

14d41b5c49b94439fb314c477da54f28408137cc6c0502ddf453d87c72adcbd5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://588365.bet/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sun, 17 Dec 2023 10:37:04 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-html-cache: HIT-3600
out-line: gb-site-095
uuid: -

GET
H/1.1 200
OK gui-base.css
588365.bet/ftl/commonPage/themes/ 81 KB
17 KB 454ms
233ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/commonPage/themes/gui-base.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

2b9dad0dac3dfa7a8c10421bbf26c6c6d36fb42eb99c2746d9b4684546ab13d3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Dec 2023 09:00:14 GMT
ETag: W/"657c159e-14540"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
H/1.1 200
OK gui-skin-default.css
588365.bet/ftl/commonPage/themes/ 31 KB
7 KB 670ms
224ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/commonPage/themes/gui-skin-default.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

42a5a785e7ab2956f273d32e8c4a03e91a57a1c55cc9e952da66724bd9d48b5b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
ETag: W/"64ad1569-7b6e"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
H/1.1 200
OK common.css
588365.bet/ftl/bet365-1750/themes/style/ 33 KB
8 KB 673ms
227ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/bet365-1750/themes/style/common.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

f5efd000bee3c0b1f203febc006f219734610c45aeb55464fede017979c9c6e1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Jul 2023 03:30:05 GMT
ETag: W/"64a4e3bd-84c7"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
H/1.1 200
OK bootstrap-dialog.min.css
588365.bet/ftl/bet365-1750/themes/style/ 3 KB
1 KB 670ms
224ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/bet365-1750/themes/style/bootstrap-dialog.min.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 26 Jun 2023 07:35:43 GMT
ETag: W/"64993fcf-adc"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
H/1.1 200
OK i18n.js Show response
588365.bet/commonPage/lan/ 1 KB
1 KB 686ms
233ms Script
application/javascript 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/commonPage/lan/i18n.js?t=1702809424.657

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

7c799e5a6274f7973c211e7ec2091295ad3735625bd895adbe4af1102083251d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Connection: keep-alive
uuid: 01750-02-00000000-170280942523de
out-line: gb-site-095

GET jquery-1.11.3.min.js
0btgia.eveday.me/ftl/commonPage/js/jquery/ 0
0

GET float.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET idangerous.swiper.min.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET Comet.js
0btgia.eveday.me/ftl/commonPage/js/websocket/ 0
0

GET
H/1.1 200
OK CometMarathon.js Show response
0btgia.eveday.me/ftl/commonPage/js/websocket/ 12 KB
4 KB 3503ms
236ms Script
application/javascript 104.250.33.35

General

Check archive.org

Show headers Download Go to

Full URL

https://0btgia.eveday.me/ftl/commonPage/js/websocket/CometMarathon.js

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.250.33.35 -, , ASN (),

Reverse DNS

Software

Default-server-KS-CLOUD-XG-FOREIGN-12-03 /

Resource Hash

e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 05:13:50 GMT
Content-Encoding: gzip
Age: 278597
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-10
X-Cache: HIT
Connection: keep-alive
uuid: -
Content-Length: 3316
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"6260ddd4-2f13"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Accept-Ranges: bytes
out-line: gb-cdn-204
X-Cdn-Request-ID: 9b1bbf59f25a86246be252d67657cbcc
Expires: Sat, 13 Jan 2024 05:13:50 GMT

GET
H/1.1 200
OK PopUp.js Show response
0btgia.eveday.me/ftl/commonPage/js/websocket/ 2 KB
2 KB 3506ms
237ms Script
application/javascript 104.250.33.35

General

Check archive.org

Show headers Download Go to

Full URL

https://0btgia.eveday.me/ftl/commonPage/js/websocket/PopUp.js

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.250.33.35 -, , ASN (),

Reverse DNS

Software

Default-server-KS-CLOUD-XG-FOREIGN-12-03 /

Resource Hash

871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 05:13:50 GMT
Content-Encoding: gzip
Age: 278598
x-link-via: xg03:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-03-08
X-Cache: HIT
Connection: keep-alive
uuid: -
Content-Length: 797
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"6260ddd4-828"
Vary: Accept-Encoding, Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Accept-Ranges: bytes
out-line: gb-cdn-205
X-Cdn-Request-ID: ee04494011cb97ab7233bbae9518fc8a
Expires: Sat, 13 Jan 2024 05:13:50 GMT

GET
H/1.1 200 message_zh_CN.js Show response
588365.bet/ 32 KB
10 KB 893ms
225ms Script
application/javascript 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/message_zh_CN.js?v=1701855930849

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

0aa3002021c50dd94fcd0eb615a6735db1b54723503264f1c24985e0bcdd868b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
X-Cache: HIT
Vary: Accept-Encoding
Cache-Control: max-age=86400
Connection: keep-alive
uuid: 01750-02-00000000-17028094257bdd
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET lazyload.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET gui-base.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET bootstrap-dialog.min.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET layer.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET jquery.super-marquee.js
0btgia.eveday.me/ftl/commonPage/js/jquery/ 0
0

GET jquery.nicescroll.min.js
0btgia.eveday.me/ftl/commonPage/js/jquery/ 0
0

GET jquery.validate.js
0btgia.eveday.me/061410/rcenter/common/js/jquery/plugins/jquery.validate/ 0
0

GET jquery.validate.extend.msites.js
0btgia.eveday.me/061410/rcenter/common/js/gamebox/common/ 0
0

GET moment.js
0btgia.eveday.me/ftl/commonPage/js/ 0
0

GET
H/1.1 200
OK pc.css
0btgia.eveday.me/ftl/commonPage/themes/hb/css/ 3 KB
2 KB 3497ms
284ms Stylesheet
text/css 2409:8c44:b00:206::6

General

Check archive.org

Show headers Download Go to

Full URL

https://0btgia.eveday.me/ftl/commonPage/themes/hb/css/pc.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2409:8c44:b00:206::6 -, , ASN (),

Reverse DNS

Software

Default-server-KS-CLOUD-LD-MP-13-19 /

Resource Hash

5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 07:40:44 GMT
Content-Encoding: gzip
Age: 269784
x-link-via: zzcm51:443;ldmp13:80;
X-Cache-Status: HIT from KS-CLOUD-LD-MP-13-19, HIT from KS-CLOUD-ZZ-CM-51-25
X-Cache: HIT
Connection: keep-alive
uuid: -
Content-Length: 911
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Server: Default-server-KS-CLOUD-LD-MP-13-19
ETag: W/"5d848f4f-b5d"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Accept-Ranges: bytes
out-line: gb-cdn-205
X-Cdn-Request-ID: cb29f3555de6ff39f26132a983fe335f
Expires: Sat, 13 Jan 2024 07:40:44 GMT

GET gb.validation.min.js
0btgia.eveday.me/061410/rcenter/common/static/js/ 0
0

GET
H/1.1 200
OK gb.validation.min.css
0btgia.eveday.me/061410/rcenter/common/static/css/ 11 KB
4 KB 3287ms
288ms Stylesheet
text/css 2409:8c44:b00:206::6

General

Check archive.org

Show headers Download Go to

Full URL

https://0btgia.eveday.me/061410/rcenter/common/static/css/gb.validation.min.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2409:8c44:b00:206::6 -, , ASN (),

Reverse DNS

Software

Default-server-KS-CLOUD-HA-MP-14-26 /

Resource Hash

3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:40:37 GMT
Content-Encoding: gzip
Age: 273391
x-link-via: zzcm51:443;hamp14:80;
X-Cache-Status: HIT from KS-CLOUD-HA-MP-14-26, HIT from KS-CLOUD-ZZ-CM-51-15
X-Cache: HIT
Connection: keep-alive
uuid: -
Content-Length: 3788
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Server: Default-server-KS-CLOUD-HA-MP-14-26
ETag: W/"633d510e-2d52"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Accept-Ranges: bytes
out-line: gb-cdn-205
X-Cdn-Request-ID: 65d4eb43629ebbd9ab782114413e7537
Expires: Sat, 13 Jan 2024 06:40:37 GMT

GET special_3.jpg
0btgia.eveday.me/ftl/commonPage/zh_CN/mobileTopic/images/ 0
0

GET
H/1.1 200
OK hongbao.css
588365.bet/ftl/commonPage/themes/ 53 KB
6 KB 230ms
229ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/commonPage/themes/hongbao.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
ETag: W/"64252e4f-d530"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
H/1.1 200
OK gui-layer.css
588365.bet/ftl/commonPage/themes/ 50 KB
7 KB 241ms
233ms Stylesheet
text/css 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/commonPage/themes/gui-layer.css

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
ETag: W/"64ddd5e1-c760"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=86400
Connection: keep-alive
uuid: -
out-line: gb-site-095
Expires: Mon, 18 Dec 2023 10:37:05 GMT

GET
DATA 200
OK truncated
/ 484 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK gui.ttf
588365.bet/ftl/commonPage/themes/fonts/gui-fonts/ 411 KB
412 KB 464ms
464ms Font
application/octet-stream 154.23.184.215
HKCICL-AS-AP Hong...

General

Check archive.org

Show headers Download Go to

Full URL

https://588365.bet:8989/ftl/commonPage/themes/fonts/gui-fonts/gui.ttf

Requested by

Host: 588365.bet
URL: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

154.23.184.215 , United States, ASN140227 (HKCICL-AS-AP Hong Kong Communications International Co., Limited, HK),

Reverse DNS

Software

Resource Hash

4ac2012dc9b9b5d77a75f421a662db9f2a28c3390ec407f0dc03bd4d5536b7c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://588365.bet:8989/ftl/commonPage/themes/gui-base.css
Origin: https://588365.bet:8989
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 10:37:05 GMT
Last-Modified: Fri, 15 Dec 2023 09:00:14 GMT
ETag: "657c159e-66cac"
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
out-line: gb-site-095
uuid: -
Content-Length: 421036
Expires: Mon, 18 Dec 2023 10:37:05 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/jquery/jquery-1.11.3.min.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/float.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/idangerous.swiper.min.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/websocket/Comet.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/lazyload.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/gui-base.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/bootstrap-dialog.min.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/layer.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/jquery/jquery.super-marquee.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/jquery/jquery.nicescroll.min.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/js/moment.js

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/061410/rcenter/common/static/js/gb.validation.min.js?v=1701855930849

Domain: 0btgia.eveday.me
URL: https://0btgia.eveday.me/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bet365 (Entertainment)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			588365.bet/	1969-12-31 23:59:59	Name: sticket Value: ROakxUa3dNbUl0TTJ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0btgia.eveday.me
588365.bet
0btgia.eveday.me
104.250.33.35
154.23.184.215
2409:8c44:b00:206::6
09c2f16084e4fd69e78de32748afa846a9fa2763a4e5e0729f6698ea7857bf5c
0aa3002021c50dd94fcd0eb615a6735db1b54723503264f1c24985e0bcdd868b
14d41b5c49b94439fb314c477da54f28408137cc6c0502ddf453d87c72adcbd5
2b9dad0dac3dfa7a8c10421bbf26c6c6d36fb42eb99c2746d9b4684546ab13d3
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069
42a5a785e7ab2956f273d32e8c4a03e91a57a1c55cc9e952da66724bd9d48b5b
4ac2012dc9b9b5d77a75f421a662db9f2a28c3390ec407f0dc03bd4d5536b7c1
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d
7c799e5a6274f7973c211e7ec2091295ad3735625bd895adbe4af1102083251d
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf
f5efd000bee3c0b1f203febc006f219734610c45aeb55464fede017979c9c6e1

588365.bet Open in urlscan Pro 154.23.184.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

47 %HTTPS

33 %IPv6

2 Domains

2 Subdomains

4 IPs

1 Countries

552 kBTransfer

1114 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

588365.bet Open in urlscan Pro
154.23.184.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

47 %
HTTPS

33 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

552 kB
Transfer

1114 kB
Size

1
Cookies

30 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!