Exploits pull_subscribe JS bridge to receive live odds data via evaluateJavaScript callback. Data flows: bet365 server → native HTTPLoader → evaluateJavaScript → attacker JS → C2 server. No CORS, no same-origin — data comes through the native bridge layer.
Subscribes to multiple topics simultaneously. Each subscription generates a separate data feed.
When enabled, every data packet is POSTed to the C2 server in real-time.
Private subscriptions receive user-specific data: balance updates, bet status, account info.