| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 106 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP: 142.250.74.168:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size: 106 kB (105637 bytes)
Hash: 41b3bf62edd298618f5bdde96baf774f 5f35f45a363679b43ad2cee8418f1cc65969bd32 3d26965b6d4487f5d17a4ecfefd74d0ab83ccb898bb0c454c2ae5c9bdb13e9cd
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 Apr 2024 14:30:50 GMT
expires: Sun, 28 Apr 2024 14:30:50 GMT
cache-control: private, max-age=900
last-modified: Sun, 28 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105637
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 73 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (1763)
Hash: 3e9576bb98e1c8f858420acf65a9bfdf cd3b6e9dbc150e17252973d8fdfaae7f0976255f 3669bff32f4a4276fab87762b7b0b400de21939803ae8a02459a914591293f41
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 Apr 2024 14:30:50 GMT
expires: Sun, 28 Apr 2024 14:30:50 GMT
cache-control: private, max-age=900
last-modified: Sun, 28 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72846
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1wfwna.life/v3/fortune-tiger/assets/tiger-logo-768-657a4ec6.avif | 190.115.24.78 | 200 OK | 95 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/tiger-logo-768-657a4ec6.avif
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: 660f255f8dba401226093c87d1be5f7f 29811e253e77ec0db82ee58e4e89e6a04a1499c1 5d469575d4c3b069237e727c62b0f4b0bc2954be79b0e015a1e2c98339e49fe7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/tiger-logo-768-657a4ec6.avif HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baf0-107f"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 86 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hash: a58708cceb9b7147266d809cb62b01e8 387a7a743155e813710375dc28cc7cf21e6e1970 124a5df4d0941a1ebcb14d00a281283282b8b74e6bd46486e1c3dd2b67ecba1a
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 Apr 2024 14:30:50 GMT
expires: Sun, 28 Apr 2024 14:30:50 GMT
cache-control: private, max-age=900
last-modified: Sun, 28 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86544
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1wfwna.life/v3/fortune-tiger/assets/Inter-Medium-aaa02aa0.woff2 | 190.115.24.78 | 200 OK | 111 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/Inter-Medium-aaa02aa0.woff2
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 111192, version 3.1245
Size: 111 kB (111192 bytes)
Hash: 823f35a845a9dfbf9800c8a37b635269 c3064c7e34213e30493c6a972f3d66f4d145885b aaa02aa09b0bc5bc5c57095aaa6e15bea07480136e9aab705f69886daa213325
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/Inter-Medium-aaa02aa0.woff2 HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: font/woff2
content-length: 111192
accept-ranges: bytes
etag: "65f1baf0-1b258"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket
IP: 134.122.54.186:0
ASN: #14061 DIGITALOCEAN-ASN
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wfwna.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: erRdUBiJwZeZj7rh1p4vKQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: tNyQYBi5jHSA/iSbpzE499w9wW8=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=77972f1471683818; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1wfwna.life/v3/fortune-tiger/assets/Inter-Regular-f536bae0.woff2 | 190.115.24.78 | 200 OK | 103 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/Inter-Regular-f536bae0.woff2
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 103152, version 3.1245
Size: 103 kB (103152 bytes)
Hash: 5891e05821cbf2402b6dd3f4a84cfe12 43371fc7dd74393cb3f1de7f500164b4156a7a50 f536bae011685cdeb84a3ec10450fd024d62536949d870582f4651cd47404067
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/Inter-Regular-f536bae0.woff2 HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: font/woff2
content-length: 103152
accept-ranges: bytes
etag: "65f1baf0-192f0"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/Inter-Black-9bdfd3f7.woff2 | 190.115.24.78 | 200 OK | 108 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/Inter-Black-9bdfd3f7.woff2
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 108304, version 3.1245
Size: 108 kB (108304 bytes)
Hash: 1072249056f4f7a5be7f0471c9ab78f7 67bb20dbc035eda1d7ea59c6b5491bb1053cec63 9bdfd3f7659d5ce371d366c2a2b6106e746b3e3966fcc39c60d0ffced96cb858
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/Inter-Black-9bdfd3f7.woff2 HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: font/woff2
content-length: 108304
accept-ranges: bytes
etag: "65f1baf0-1a710"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1823872497.1714314651&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=419132253 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1823872497.1714314651&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=419132253
IP: 142.250.74.163:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google.no
Certificate Fingerprint: DE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9
Certificate Validity: Mon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1823872497.1714314651&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=419132253 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 28 Apr 2024 14:30:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714314650000&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1823872497.1714314651&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Ffortune-tiger&sid=1714314650&sct=1&seg=0&dl=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&tfd=1307 | 216.239.34.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714314650000&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1823872497.1714314651&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Ffortune-tiger&sid=1714314650&sct=1&seg=0&dl=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&tfd=1307
IP: 216.239.34.36:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714314650000&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1823872497.1714314651&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Ffortune-tiger&sid=1714314650&sct=1&seg=0&dl=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wfwna.life%2Fv3%2Ffortune-tiger&tfd=1307 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wfwna.life
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wfwna.life
date: Sun, 28 Apr 2024 14:30:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/favicon/android-icon-512x512.png | 190.115.24.78 | 200 OK | 21 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/favicon/android-icon-512x512.png
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: 84f445785696130739dd4bb74d0dd05e f40c63ffe806daa4c0b9779ee17999a73e6f7515 01c14c261471fee8d858620f6ff17521e535c8471a9e1394c81718ae940c7759
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/favicon/android-icon-512x512.png HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650; _ga_548949LWLW=GS1.1.1714314650.1.0.1714314650.60.0.0; _ga=GA1.1.1823872497.1714314651; visit_domain=1wfwna.life; sub_ids=%20; core-sticky=http://10.233.97.77:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:51 GMT
content-type: image/png
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baef-2b40"
last-modified: Wed, 13 Mar 2024 14:40:47 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 258 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Certificate Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (5945)
Size: 258 kB (258497 bytes)
Hash: 11c922b4c6d4e11d48d2ceefa2aeb0fc dbc5cc9cd5db4dbca9a38fa1006d87f65f03c31a 3631867175b4e34c7202675d3a80d2501883b7f61a5290c5b920b2abc527538f
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 Apr 2024 14:30:50 GMT
expires: Sun, 28 Apr 2024 14:30:50 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90499
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1wfwna.life/v3/fortune-tiger/assets/rectangle-77e94fe0.svg | 190.115.24.78 | 200 OK | 184 B |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/rectangle-77e94fe0.svg
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 1abb9d782fd643317a03c4195ba193c9 f3d54c005f537b1cf10f170e014f02c3e8ab9a40 5e40cece26d590b641b884b3c5f5e03f5aac60936ec9026c86acb09726d19dba
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/rectangle-77e94fe0.svg HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/svg+xml
accept-ranges: bytes
etag: W/"65f1baf0-b8"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger | 190.115.24.78 | 200 OK | 36 kB |
URL: User Request GET HTTP/2 1wfwna.life/v3/fortune-tiger
IP: 190.115.24.78:443
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; Domain=.1wfwna.life; HttpOnly; Path=/; Expires=Mon, 28-Apr-2025 14:30:49 GMT
date: Sun, 28 Apr 2024 14:30:49 GMT
content-type: text/html
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baf0-8e42"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css | 190.115.24.78 | 200 OK | 58 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: ASCII text, with very long lines (57974)
Hash: 12ad0fa9503ebb1bce670c1582d45a25 1471f41471a955a2f0ed6ddeed0e57da886259d2 b8f437e18827c325ba56df32f47ae2918e00d67b23d0eb7f81e69e92fd4300d2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/index-b8f437e1.css HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: text/css
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baf0-e277"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/logo-3c31be17.svg | 190.115.24.78 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/logo-3c31be17.svg
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 205d9c9a0c052c7025acc733ef5ee217 aefa74a00d9bc0956043e44eda83aa534a2dbbc4 13c51a0697aa0d59d794a63730a1f04b5b563691abe5441a74559861a7dfb412
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/logo-3c31be17.svg HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baf0-a8a"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/flags/flags.svg | 190.115.24.78 | 200 OK | 194 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/flags/flags.svg
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: SVG Scalable Vector Graphics image
Size: 194 kB (194332 bytes)
Hash: a92bcc34e96e6149bbbf43a1bc9c52d8 cebda3ba8b9260a4de36e6f8ab10e4f192c882bc 46f7c85353be615eb961fca31f10d696cc75f317786b29fc250028fd70a081e7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/flags/flags.svg HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baef-2f71c"
last-modified: Wed, 13 Mar 2024 14:40:47 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/tiger-r-768-c5411fe8.avif | 190.115.24.78 | 200 OK | 8.6 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/tiger-r-768-c5411fe8.avif
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: 80cf29695ba775a0391f55c2028a24bc 0640f83065ccabcc6c957e07cd259d3c71b06041 c5411fe89ec5633aa24de81321da5a8e1c3a8f855a4e005da36055ec9308217b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/tiger-r-768-c5411fe8.avif HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baf0-21af"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/index-3567fcd6.js | 190.115.24.78 | 200 OK | 154 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/index-3567fcd6.js
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: 1wfwna.life
Certificate Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00
Certificate Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Size: 154 kB (154497 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /v3/fortune-tiger/assets/index-3567fcd6.js HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: application/javascript
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baf0-25b81"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket
IP: 134.122.54.186:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt
Certificate Subject: *.1win.direct
Certificate Fingerprint: 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27
Certificate Validity: Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wfwna.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wfwna.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: erRdUBiJwZeZj7rh1p4vKQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: tNyQYBi5jHSA/iSbpzE499w9wW8=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=77972f1471683818; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1wfwna.life/affiliate:link_visit?visit_domain=1wfwna.life&sub_ids=%20 | 190.115.24.78 | 200 OK | 37 B |
URL: GET HTTP/2 1wfwna.life/affiliate:link_visit?visit_domain=1wfwna.life&sub_ids=%20
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt; Subject: 1wfwna.life; Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00; Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: 2f6af1a09e6d352c1603fe2326189744 baed183cee7c7fd534e8519a683c9f398e696329 7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?visit_domain=1wfwna.life&sub_ids=%20 HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-origin: 1wfwna.life
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650; _ga_548949LWLW=GS1.1.1714314650.1.0.1714314650.60.0.0; _ga=GA1.1.1823872497.1714314651; visit_domain=1wfwna.life; sub_ids=%20
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.97.77:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/favicon/favicon.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/favicon/favicon.svg
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt; Subject: 1wfwna.life; Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00; Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 7c9c6b5800335eb4a0d4f460331b278e 7e5fcd092fef1c364f1c50e72a6b7429b46a4c65 7b618779ed3c3bbb7e90ea7ed6c2c3aa46a3c4ef9605b4a0cc4e68f023c2f912
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /v3/fortune-tiger/favicon/favicon.svg HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650; _ga_548949LWLW=GS1.1.1714314650.1.0.1714314650.60.0.0; _ga=GA1.1.1823872497.1714314651; visit_domain=1wfwna.life; sub_ids=%20; core-sticky=http://10.233.97.77:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:51 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baef-5b5"
last-modified: Wed, 13 Mar 2024 14:40:47 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/tiger-l-768-06864715.avif | 190.115.24.78 | 200 OK | 8.9 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/tiger-l-768-06864715.avif
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt; Subject: 1wfwna.life; Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00; Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: e660933894c385789f67425e066fbc8f 91992af827fd4b9bec26f6f5ec3b59c657c91a7b 068647159729ef84b6df669c5699be44134ba022c7351c6ff6d2d2da83b6ddd2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /v3/fortune-tiger/assets/tiger-l-768-06864715.avif HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baf0-22f1"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/assets/body-back-1024-89ba2c21.avif | 190.115.24.78 | 200 OK | 24 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/assets/body-back-1024-89ba2c21.avif
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt; Subject: 1wfwna.life; Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00; Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
Hash: c514e8db1d5660c5b87072fb933c6e38 f45ce1ac5e56ed9d5d2995f386335f4bf02abee1 89ba2c2137ca550b1a5193b10e2da8fb03d233067a715c5831c80d9c1bdfe62a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /v3/fortune-tiger/assets/body-back-1024-89ba2c21.avif HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger/assets/index-b8f437e1.css
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b; _gcl_au=1.1.1085428183.1714314650
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/avif
accept-ranges: bytes
content-encoding: gzip
etag: "65f1baf0-5f0b"
last-modified: Wed, 13 Mar 2024 14:40:48 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1wfwna.life/v3/fortune-tiger/sprites/form-sprite.svg | 190.115.24.78 | 200 OK | 3.3 kB |
URL: GET HTTP/2 1wfwna.life/v3/fortune-tiger/sprites/form-sprite.svg
IP: 190.115.24.78:443
Requested by: https://1wfwna.life/v3/fortune-tiger
Certificate Issuer: Let's Encrypt; Subject: 1wfwna.life; Fingerprint: 17:34:42:5E:B0:F3:A5:70:C7:67:6F:7F:34:FE:4E:00:89:6E:E5:00; Validity: Tue, 16 Apr 2024 12:17:59 GMT - Mon, 15 Jul 2024 12:17:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: e750583205bd2c93482615d3720d0bf0 2119d46f700b31768e6fbc308dd830ac3c48bbb8 210b9cd2bb26605ae91e0de6aa23fa95955532e41cc8c404b3c204c146cb6874
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /v3/fortune-tiger/sprites/form-sprite.svg HTTP/1.1
Host: 1wfwna.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wfwna.life/v3/fortune-tiger
Cookie: __ddg1_=B2D2WBTnO2pvCHAReR1b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Sun, 28 Apr 2024 14:30:50 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
etag: W/"65f1baef-cc4"
last-modified: Wed, 13 Mar 2024 14:40:47 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|