Submitted URL: https://www.bet365f.com/
Effective URL: https://www.3656bb.cc:2020/
Submission: On March 02 via automatic, source certstream-suspicious — Scanned from SG

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 34.85.36.87, located in Tokyo, Japan and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.3656bb.cc.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 13th 2023. Valid for: 3 months.
This is the only time www.3656bb.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bet365 (Entertainment)

Domain & IP information

  Requests  IP Address       AS Autonomous System
  1         180.215.255.138  64050 (BCPL-SG B...)
  8         34.85.36.87      396982 (GOOGLE-CL...)
  Totals: 8 requests, 2 IPs

  Requests  Apex Domain  Subdomains       Transfer
  8         3656bb.cc    www.3656bb.cc    93 KB
  1         bet365f.com  www.bet365f.com  75 B
  Totals: 8 requests, 2 apex domains

  Requests  Domain           Requested by
  8         www.3656bb.cc    www.3656bb.cc
  1         www.bet365f.com  1 redirects
  Totals: 8 requests, 2 domains

This site contains links to these domains:

  • www.3656dd.cc
  • 3656c.vip

  Subject    Issuer                             Validity                 Valid
  3656bb.cc  ZeroSSL RSA Domain Secure Site CA  2023-02-13 - 2023-05-14  3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://www.3656bb.cc:2020/
Frame ID: 535133A22A241A533DB2A99183F3A3CB
Requests: 9 HTTP requests in this frame

Page Title

bet365

Page URL History

  1. https://www.bet365f.com/  HTTP 301
     https://www.3656bb.cc:2020/  Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

  Requests:    8
  HTTPS:       100 %
  IPv6:        0 %
  Domains:     2
  Subdomains:  2
  IPs:         2
  Countries:   2
  Transfer:    93 kB
  Size:        152 kB
  Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.bet365f.com/ HTTP 301
    https://www.3656bb.cc:2020/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions (columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type)

Resource: Primary Request /
Path: www.3656bb.cc/
Redirect Chain:
  • https://www.bet365f.com/
  • https://www.3656bb.cc:2020/
Size: 759 B
x-fer: 877 B
Type: Document

General
  Full URL: https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 11a9e71bb860caaae132168a724f2550b2f5de8544254fa78f6fddba19e889e3
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  accept-language: zh-SG,zh;q=0.9

Response headers
  accept-ranges: bytes
  content-length: 759
  content-type: text/html; charset=utf-8
  date: Thu, 02 Mar 2023 16:27:39 GMT
  x-frame-options: deny
  x-xss-protection: 1

Redirect headers
  content-length: 166
  content-type: text/html
  date: Thu, 02 Mar 2023 16:27:39 GMT
  location: https://www.3656bb.cc:2020/

Resource: app.cc1c3205.css
Path: www.3656bb.cc/css/
Size: 962 B
x-fer: 1 KB
Type: Stylesheet

General
  Full URL: https://www.3656bb.cc:2020/css/app.cc1c3205.css
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: b8d0898b00d325573b82dd34f53da829ca6d8b3f648cc399f5e449dcec0786a7
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:39 GMT
  accept-ranges: bytes
  content-length: 962
  x-frame-options: deny
  x-xss-protection: 1
  content-type: text/css

Resource: app.276f2326.js
Path: www.3656bb.cc/js/
Size: 8 KB
x-fer: 5 KB
Type: Script

General
  Full URL: https://www.3656bb.cc:2020/js/app.276f2326.js
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 40d8c7ff120d2699bcd3e36820e0496cfc1b6a50ad9a0da2e000368782e5a744
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:39 GMT
  content-encoding: gzip
  x-frame-options: deny
  x-xss-protection: 1
  content-type: application/javascript; charset=utf-8

Resource: chunk-vendors.28d0d835.js
Path: www.3656bb.cc/js/
Size: 90 KB
x-fer: 36 KB
Type: Script

General
  Full URL: https://www.3656bb.cc:2020/js/chunk-vendors.28d0d835.js
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 2d77b784c916976de5cbc6d40a9c7027f049d7b2d8e25239bbb31fc9d3932ae3
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:39 GMT
  content-encoding: gzip
  x-frame-options: deny
  x-xss-protection: 1
  content-type: application/javascript; charset=utf-8

Resource: 365log.5815821f.png
Path: www.3656bb.cc/img/
Size: 18 KB
x-fer: 18 KB
Type: Image

General
  Full URL: https://www.3656bb.cc:2020/img/365log.5815821f.png
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 5129914413793342f44f029107ac9b8631f9df589c55d8f159c080f953590549
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:40 GMT
  accept-ranges: bytes
  content-length: 18466
  x-frame-options: deny
  x-xss-protection: 1
  content-type: image/png

Resource: 365xiazai.202211210321.png
Path: www.3656bb.cc/img/
Size: 21 KB
x-fer: 21 KB
Type: Image

General
  Full URL: https://www.3656bb.cc:2020/img/365xiazai.202211210321.png
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 6c92f3f5b7663dc0b3752af5cef81c177435b66fd6f750e31e73b5ca54bdf00c
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:40 GMT
  accept-ranges: bytes
  content-length: 21664
  x-frame-options: deny
  x-xss-protection: 1
  content-type: image/png

Resource: site1.33b883d6.gif
Path: www.3656bb.cc/img/
Size: 5 KB
x-fer: 5 KB
Type: Image

General
  Full URL: https://www.3656bb.cc:2020/img/site1.33b883d6.gif
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: 0110a46c87c63762895d16e577697b7c1e532d6020536644d54bf83d50bc9836
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:40 GMT
  accept-ranges: bytes
  content-length: 5464
  x-frame-options: deny
  x-xss-protection: 1
  content-type: image/gif

Resource: site2.5c8a34c3.gif
Path: www.3656bb.cc/img/
Size: 5 KB
x-fer: 6 KB
Type: Image

General
  Full URL: https://www.3656bb.cc:2020/img/site2.5c8a34c3.gif
  Requested by: Host www.3656bb.cc, URL https://www.3656bb.cc:2020/
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 34.85.36.87 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
  Reverse DNS: 87.36.85.34.bc.googleusercontent.com
  Software: /
  Resource Hash: e10b672a9a4d2082f1fabc517c77917f8a19407fb77765ded4dcc7d84f50430b
  Security Headers:
    X-Frame-Options: deny
    X-Xss-Protection: 1

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: https://www.3656bb.cc:2020/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  date: Thu, 02 Mar 2023 16:27:40 GMT
  accept-ranges: bytes
  content-length: 5553
  x-frame-options: deny
  x-xss-protection: 1
  content-type: image/gif

Resource: truncated
Path: /
Size: 3 KB
x-fer: 0
Type: Image

General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: -
  Software: /
  Resource Hash: 28f37bee5b1274e992c423ad7be007ccdffa6e9ecd032261fae056bb611f0319

Request headers
  accept-language: zh-SG,zh;q=0.9
  Referer: -
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers
  Content-Type: image/gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bet365 (Entertainment)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  Type     Name
  boolean  credentialless
  object   webpackJsonp

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options deny
X-Xss-Protection 1