| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0 | Hash: de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwvs.com/
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:40 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-8128"
expires: Mon, 08 May 2034 19:54:40 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=NDBiUFzXpM.j9b5.FEl0PvIpL5ZdOATmjak0_W4Uop8-1715370880-1.0.1.1-u1rCroGSqVdwLU55O.IO6NJvt54cLrhv2RrSnV2PXmLnBjlYuMNVbIEdWJIPlBDoDVj9t4nlGxlgaH_.Kojdgw; path=/; expires=Fri, 10-May-24 20:24:40 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b8328c456c1-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0 | Hash: 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwvs.com/
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:40 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-a9f8"
expires: Mon, 08 May 2034 19:54:40 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=1kkGfd8ZOxxal.jzvy1lMgYpbYj5maKutmhQMVsHgFs-1715370880-1.0.1.1-kAj48Orq07JbcFEF7FwKxs9v3xKiBkm.7EQ8C6XUTwH2uCD_bVPJUJdmXG6Fb6TfsjjLV3TF4V7GaIrQ31QGog; path=/; expires=Fri, 10-May-24 20:24:40 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b8338c856c1-OSL
X-Firefox-Spdy: h2
|
|
| 1wwvs.com/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL: GET HTTP/2 1wwvs.com/img/icons/favicon-16x16-darkmode.png | IP: 190.115.24.78:443
Certificate: Issuer: Let's Encrypt | Subject: 1wwvs.com | Fingerprint: EA:DA:40:5C:68:3A:CA:F7:47:8D:6C:DE:0D:EA:85:14:EF:5C:DE:13 | Validity: Wed, 08 May 2024 17:01:29 GMT - Tue, 06 Aug 2024 17:01:28 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced | Hash: 55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wwvs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __ddg1_=N0oaF6Yk8maT24ZIxYQo; visit_domain=1wwvs.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 23:42:51 GMT
content-type: image/png
content-length: 344
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 72712
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/21758.bc752219e.js | 154.197.121.128 | | 122 kB |
URL: 1win-cdn.com/js/21758.bc752219e.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Size: 122 kB (122013 bytes) | Hash: f68f11acbada1c53cf5ef5b5b3c674fd e93f52ee833a7a07b3ae40f1601eae6840c869c7 ae412deec7fdcfcb7f5bb418b53d1f1bad63e1a07ace7de263bbb38f2061a443
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/21758.bc752219e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-6559e"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 8420
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b93adf756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wwvs.com&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wwvs.com&EIO=4&transport=websocket | IP: 134.122.54.186:0 | ASN: #14061 DIGITALOCEAN-ASN
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wwvs.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wwvs.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IoE659sIBxBaWiQCe+PRrQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: 42l4BIgZp1Ls3DsYWdEMvlxizvY=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=c56f73379f586fba; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/present-with-light.bd57fb068-151.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced | Hash: a804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-1a4c"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 1453
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b99bcab56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/58988.a289e8e93.css | 154.197.121.128 | | 116 kB |
URL: 1win-cdn.com/css/58988.a289e8e93.css | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Size: 116 kB (116439 bytes) | Hash: 1eddc245e14cd83cceaeb452d0305dc1 6d93c62878b7fb59f010df72d12b1e1418102849 90e8053e5fa39e7ebe5b0163f673d6e41f0e103fd3013002ee8c9caf248968fc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/58988.a289e8e93.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-af48"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 278350
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b985acc56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wwvs.com/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | | 13 kB |
URL: 1wwvs.com/firebase/8.1.1/firebase-messaging.js | IP: 190.115.24.78:0
Certificate: Issuer: Let's Encrypt | Subject: 1wwvs.com | Fingerprint: EA:DA:40:5C:68:3A:CA:F7:47:8D:6C:DE:0D:EA:85:14:EF:5C:DE:13 | Validity: Wed, 08 May 2024 17:01:29 GMT - Tue, 06 Aug 2024 17:01:28 GMT
File type: JavaScript source, ASCII text, with very long lines (40719) | Hash: 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wwvs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __ddg1_=N0oaF6Yk8maT24ZIxYQo; visit_domain=1wwvs.com; core-sticky=http://10.233.72.201:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIwYzczYmI4MS1kNjI0LTRlNDAtYjNiNC1mNjhiZWM1NTkxNDIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzcwODgzNTEzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM3MDg4MzU3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 20 kB |
URL: GET HTTP/2 1win-cdn.com/js/31310.c605a9b9f.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: ccbee88eb6efe07e8466c33141a77467 35572ff2ba324a665f957b4f17e1aa8c517b5532 8b26b6ae6fc1821a0d3a479a9704d959d34f3dba67d4a18bfa24a8ee37fd438f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 875718
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9abdd856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 172.67.181.254 | 200 OK | 50 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | IP: 172.67.181.254:443
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 362 x 429, 8-bit colormap, non-interlaced | Hash: b0b99e0a3f5f6fc44052e30eae903c63 822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2M2E3M2ZkLWMyMGQi"
x-request-id: 5homX3QX3km0rPlH6mr1e
cf-cache-status: HIT
age: 213086
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HDEEtdeHCcgl1W%2BAcJOFvZzgE6Yo3pUkKlxsiidlxRpuNi8df2y20rRHxqK%2FI4%2F14zFeqhx95CqF%2BnVmMiozhm0ghFkqZ%2FxJOraSR7zGN9PdZ6GJW%2BY5Am%2B2DNZZ6BFh6lXLp3YvHB0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9b7c1356c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 68 kB |
URL: GET HTTP/2 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 83ae218693795ddd735356b40e1feacb 9227d2fd19b6d9dc1ff4178a69a15a53b807b74d cb77fe14d9dba1254dbbb4b89f3c751b64a03235322ab13149c999de79b8a440
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 807
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9addf456bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | | 6.4 kB |
URL: 1win-cdn.com/js/58258.98332d90c.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4b516c038963e893a96248174cff7233 05b5a3d053659b974385c1d1ed4c17ff73b5c0cf 34f24ce2e2ced3949f057ee0a7057467b8455db49fb7d67e701572e859c88b5e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 868528
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9bbf1656bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62825.cf3a1caf6.js | 154.197.121.128 | 200 OK | 4.4 kB |
URL: GET HTTP/2 1win-cdn.com/js/62825.cf3a1caf6.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 1c93e78e7488290ddf5f155fbe560dc0 2f77afe12cca2c54a454f3ea782fab1d758af30c eb8bd78c4c2c9c01fde1574a99007ef23afbbc46fb1d1642f1bcea16058ded39
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 862872
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9c0f6056bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | | 28 kB |
URL: 1win-cdn.com/js/62692.9dadb7398.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 5c17c225ea0cfb8f2cdcce8394657722 27f2fcddd91e878c8976db9f7619a0002897670a ab20a88156664e11fdc0e2939e5fd331a25a8a458a56ef60bf60c67f43331125
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 875718
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b998c8356bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | | 354 kB |
URL: 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 354 kB (353842 bytes) | Hash: 8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/webp
content-length: 353842
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9c7fe956bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/js/41543.9ecf6875c.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: d343f9aa0de60950a49b0d7513e119b2 f0271053a1b43fd64a60f87e21aabb2799f41513 5979cc45566fe889628169479c1a618ba2415bc08d18d9d2efcec6b2824d1cdc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 868221
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9bdf3656bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 720 kB |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Size: 720 kB (720101 bytes) | Hash: 50f5339ea511a0d68ff83f6c0af80783 a5b872b3a7b15dbf3a3feae1aeccac089031ec47 8ad2b43fde4617b29b21ff6b7cc0d3896d6c8536a1a27d6ab8b795f37d06a292
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 868528
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9b9eeb56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/48357.321450720.css | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/css/48357.321450720.css | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate: Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: f25ee02b6fc0893c13a4a2bd66c4523e 3c95f8c505f0a5dfc8160d007c5894eb4b85ea9c d29a6c63abcdf695a68f6ccbf02dd2e2599afe0d5ea18624e0735595267297dd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872853
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b983aa756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | | 17 kB |
URL: 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 16852, version 1.0 | Hash: c4f31a30bdf4dbced79fb75fc03111cf 14765799051deb933539e19f1ffa26198cabd4c1 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-41d4"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=ccSgDQw5JWUXVggdOaaRHFrR31nYn84iOOmG4YovLW8-1715370884-1.0.1.1-8iDKUAfaB8mVuzEfBXsu3Wlm7BNKmChrVpUge.pHfzu2Uz7vskFU6x_lrcfdXqmz1IvWpYgPzhY5Zh1tSbmPWA; path=/; expires=Fri, 10-May-24 20:24:44 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9c4f6356c1-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | | 430 kB |
URL: 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 430 kB (429680 bytes) | Hash: abaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/webp
content-length: 429680
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9ca82456bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | | 367 kB |
URL: 1win-cdn.com/img/jetx.64787fc5c.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Size: 367 kB (366960 bytes) | Hash: 0bad520b2523490d74b7424f5e1531b8 300addd1c47d6800921c018b9018de8f122cdcd8 cd80577020059644063a589ee490ad49b9bb9b3a31583f8bd6018f51bcca1f66
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 807
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9aee0556bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | | 33 kB |
URL: 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced | Hash: 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-9305"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 3075
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9d18ca56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Hash: 45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/webp
content-length: 12264
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3075
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9d08c856bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | | 35 kB |
URL: 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced | Hash: 232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-989a"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9df9fd56bd-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 172.67.181.254 | | 6.5 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | IP: 172.67.181.254:0
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2EyOWUyLWNjOTki"
x-request-id: Rvzg_t1LM6_b7wss0rpv6
cf-cache-status: HIT
age: 271863
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGffqpGmRvobRSjO3Svk6%2Boq8O2xMzXnisEoi91YVCI33I7BlgOoZFLovW%2BfZfu3db8tR8Kfa%2FY3VfUJ53pvddrtiuLHmk069gPOzqGVHMEdJVMaM22CFx0vvBZ6rfIXlsYAUVckrV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9f187e56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | | 28 kB |
URL: 1win-cdn.com/css/index.fd224ee8e.css | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: b9225ad89d3495fb88c6555811fdfa56 70c184e75ad86cb84aa53145908035b8eb496a7c 6fe8b3144930f934a46c9eca17ba6e72cb0c53316bad7ffe858f5bf38dd7e6d2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:40 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Mon, 08 May 2034 19:54:40 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 876115
set-cookie: __cf_bm=ekpZRw3wcgEZ0r1qMcNMKJRJGdnSKXxCLMBOlpe1I0s-1715370880-1.0.1.1-IHUsmDajScwR.bWZTsBDKA1w51kj5jTb6IIhSJpzcXhAY9hzO6R01Ol.5tfgL6k.gn9BOJtjVxHVmvPdh8.h2Q; path=/; expires=Fri, 10-May-24 20:24:40 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b833b8156bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/54591.6225c61c0.js | 154.197.121.128 | | 31 kB |
URL: 1win-cdn.com/js/54591.6225c61c0.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: f67b014a876ca0535bafaf06c5540d83 aaee6a9ad7f0b12bef6e607218a1c3881af2e5ba 3401a3884e86aff9df749573d0cdcd32072917905971737fd8a4cab72c3d4a47
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/54591.6225c61c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-2100"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 371278
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b985ad856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | 200 OK | 8.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 500 x 500, 8-bit colormap, non-interlaced | Hash: 953b3b7e0c94ed3c3af678f19b076c5a 993c897eadbd5f11f4fa712cda067ea633c8e68f d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-2421"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 2669
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fcb8256bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | | 1.9 kB |
URL: 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 172 x 50, 8-bit colormap, non-interlaced | Hash: 3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-7b8"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 2669
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fbb7e56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL: GET HTTP/2 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 50 x 50, 8-bit colormap, non-interlaced | Hash: d75b75efec83a2230764a8fed9d1dd3e ee4318789396290da2017d433fe622b9a005aff2 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-40b"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 5744
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fcb8156bd-OSL
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | | 3.9 kB |
URL: d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | IP: 143.204.42.156:0
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced | Hash: 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Fri, 10 May 2024 03:33:37 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sxMhttPJXmcX6Ph3oYJzl9m1gVug86q1SF2xRrQONCnvGorTUvoGww==
age: 58869
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp | Hash: 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/webp
content-length: 39614
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba07cae56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Hash: 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/webp
content-length: 25292
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba08cb456bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | 154.197.121.128 | 200 OK | 206 kB |
URL: GET HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (4958) | Size: 206 kB (206342 bytes) | Hash: 6e2712bf31bab0d90c160b1cb5fa8777 3909bfdde33d496483523e784021c2aa56c2d86b 793a7baaa77c62b9618cf0faabac81494987d1b4cc4fe7fde31a8c33c4a34bb4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Fri, 10 May 2024 19:54:44 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=l.z_ml498_n3hSSub0VCVG1TZDhhSGiq.lcJq.YJev0-1715370884-1.0.1.1-cSiK3eqjJhQ1lg2mSsXtZOEvvolGs8yKVZrheqWPwUhkMs.WpjUx.AYGutUX6G8l0gdRCsOXpLVBRbfPp3mD4A; path=/; expires=Fri, 10-May-24 20:24:44 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 881c7b9d183356c1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.40 | | 74 kB |
URL: www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | IP: 142.250.74.40:0
File type: JavaScript source, ASCII text, with very long lines (1822) | Hash: d51200359160a8837500ddf01e3c5e01 2ace2ae3a0517508f9e2f37ecd46f254bbbca0e9 a03f9c06cc672988490f6bab548332b89008a7116968a5b3bc1ab6e4c4f318ab
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 19:54:45 GMT
expires: Fri, 10 May 2024 19:54:45 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.40 | 200 OK | 95 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | IP: 142.250.74.40:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955) | Hash: 217157d607e5038c862497ab23e74bd3 e58e8dac6645310532fb6fb266d023bf850b0d18 0caeb97254463f2e42febb23345e4b911bb29e1705aa724f74b4163c45541200
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 19:54:45 GMT
expires: Fri, 10 May 2024 19:54:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94636
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.40 | | 90 kB |
URL: www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | IP: 142.250.74.40:0
File type: JavaScript source, ASCII text, with very long lines (4179) | Hash: 816f1dfdd425a2cfca555c55fb5ef275 358237d57cad3bcdce01be1779e69fdb010e783f b31dc2fdf3f62229d097fb04238b83ff0edf8d231d420c5db33279c6c80bed50
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 19:54:45 GMT
expires: Fri, 10 May 2024 19:54:45 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90353
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 7.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/ufc.0ef6261ee.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix Hash: bd17099e589abd0ffae7ffaa08b66521 3f2bb795d9ee291aa7a64b1248c170ec484ea1c4 4a302b38e98d8c4ed63c4178db76777c700bdcb4160fb145dc40d5f763269d5d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4021
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fab6856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif | 172.67.181.254 | | 6.1 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif IP: 172.67.181.254:0
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 172757f78e8e2026f280f94f4d032035 17cea3940511dbbbb5077e78e28ddadef3090931 f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 267652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IKz%2Foq5qEknu0te1mT94mxrT7Hh0r1xZ%2FvE%2FFXLnkFq4vWyTemXUhzIXoIuZCNRucbtuOm%2FnjNO9vkh4f7lLKyY47epOxPCwOJg3YjJ1JRqjE8w7LSZKl1DO%2FAVNlWlZVABHo7R9TwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba2bd1f56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/10400.f146ec26b.js | 154.197.121.128 | | 9.1 kB |
URL: 1win-cdn.com/js/10400.f146ec26b.js IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix Hash: 99755c51c9730902209ce9dd5c936897 5d276100b20f1708a0169b74094df830a82eb7fd 4d2c1097fa837675fa8a75ce6aeac26d413feeb1bcc400fe964257b16521c905
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/10400.f146ec26b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-27f3"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 385014
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b984abf56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif | 172.67.181.254 | | 5.1 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif IP: 172.67.181.254:0
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 78c35d95a329313abe507e5fd846f7b7 31fb39c006cc6629f8e0c3041eb47bd3e07c4eec 0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 262407
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PcbLpXNGs%2Fcj%2B%2BGUS7sKQ%2FK1wZx%2B2ejzmDdEZ5L%2FPXZlkXN8%2BH%2B3ZEnuPIGvJbekw2hrb18ZpzJOCnRrHB0PE5PzHPluAWr5Gjp638bdTJ28ScIeOMj9WRUI9LM7yLxzkDEnNP0qmzs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba33dff56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 172.67.181.254 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 257301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sxe3L%2BPg9VUoqkrZRYhbVgMwuhozmuD6amiBOq6XryVAlvt7vGjlO5DiUaZKBRVKq6VcmrpXqG8hsk2bVgGHpRHf7HX9c5g3%2FkxolySlVdP3KDO2UUlK7ifvzhZVXZuYBgC9cUOnwk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba8fda156c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 172.67.181.254 | 200 OK | 3.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 263757
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ndG6YzHB8%2FTraxKsZLlHZeRtbqYCvBFQX%2BCw3TWknfgHqY2hxGBToNijdkd%2BeMB4nO%2B0fO5saK7%2BACiBvD9hfPbIDBOXwHMhsUGHVFAbiYMQ4d6yuymz29gEFFmJvARMTXcs7dTYWRE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba90dab56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 172.67.181.254 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 257301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4%2FIltguEAF4hZzuhq0aCY7ee27INyO94dITOGNpHErQNTKODU%2F0HBDyeKS3vK3okKb%2FdcRO0j%2FgPUYchiAnSAm4yqNW%2FZiU%2F64YYkLeOj5%2Fa7TyigMaJZTO7nmvcUrNLuR81n2fk4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba91dc056c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif | 172.67.181.254 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 4841c7a15b396644ee7ba8554ffb5bf6 a2829093874a49809c29b2d4a186e1af8cea5153 1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 265449
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrXM7YlHiE9kLcCn%2BpmaT%2BC55xLzU9IpDNzkWhNDfkysgKfxpc1EjldYcefzPZ6SfFmGA3LlQxlk3x2tlkCY20JjZlfF1KzPPuS%2BcLOUq%2BLxzvzmivJEvXbm8qDniI7QuZYCV0VIspc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba92dc956c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: a301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 268063
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kjO5ZZKXUx6b%2BcfV1N08p%2FxgCQQX0cg%2F8yiqJazyNy8BtvB553eRNhloAlflSKLQl1rYNBeqUHbV23w0ejTa8G6hSxAcV5k6lebiS%2FDefy%2BrXBih9ectugluP4ouwB6KcVyFNdLUOxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba92dcc56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 172.67.181.254 | 200 OK | 9.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 19ea6dc62a4b1d3b87a9940660698dd1 8c3052c6f52d60b40824437d282619e91034db7a 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 268063
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQzMrGSbx7OLVe6lxIQJ%2B%2FIgvrIRHoaWbqzyDbN1WHYAzuu%2FjNKPg6aMIe6Y%2FnTCSD4FXXlSMNTMUCQZF6wxBXdjeXAWm5wn1v38mFe2WFB8U42VaSub5V0Cco7nfFozKc51jXfyQeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba92dd356c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 172.67.181.254 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 263516
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FGCREWJNCzRYzfUVpOvAmA48Oo8hiLzwuzVooYZA9l3uyXhbvhN8pW%2F6VEK8agYHLkoo%2FLiMebkUdxRMrV12wxpghie09lY0EMHCm4Pw6bVctq%2BJLmrxs2pwzTk7ZmSx6TMjtiaEq0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba93de356c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif | 172.67.181.254 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 0e5690478eedfa1df868b3925ae7765f 2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7 efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: wIvVBE6Ca87qQK-_rWGwc
cf-cache-status: HIT
age: 268064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hQcYGxYUQSsM%2BD%2BbbfAXn0wrkdazMtBNrvtKhuLEkDhVv4JfAuO1nELuuw89d8szK1ttazdsoGjc0WWwQq0iZ6WoFp5DJhIV2brKm2mDuozipy4%2BXi7IRTUnx2Tjj6QT4iQXwjcrlo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba93dea56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif | 172.67.181.254 | 200 OK | 8.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif IP: 172.67.181.254:443
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 19f229b84c704888d3b7a617d4ea0d5f ead41a6984c57debbde1fdbe6820dcdd07634f99 2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 263757
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2r1XFJBlAFzLHRQHCHTd9CfD1H%2BuEkmYjEKJ4%2F4CJDyf8rCYEw6VL%2BotSxB3FnkA3D2NkBrenwBqol9Qjf282d%2Bw%2BS7cHTT%2Ba4nhbhoMXRfFmFbW33F8ZlLbpIBSdbYSOXTJAukwqc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba94dee56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif | 172.67.181.254 | | 9.9 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif IP: 172.67.181.254:0
Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 26af576690cab574a1d969032fdc5f16 8f279f854c9eaaf667d3a0c92c5a5276f9f01cd4 2a0d9e95e9d3526457ba6469ad12b84828057965145caee52dec0388ab28a614
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 9892
cache-control: public, max-age=31536000
content-disposition: inline; filename="9d7c96cf-66aa-4580-9563-baa3f940db93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MWQyN2EzLTIzOTk3Ig"
x-request-id: oLIa4BJLqwG1HB5BEqpqM
cf-cache-status: HIT
age: 263757
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMQkzcDfEgkkcqz6VjP16wmx9adJKnAdvETxSjmYvsmRxZMhGy8w%2BhDoywcPHFcPOnp7ysbEAdZ%2Fif%2F84WlVvHKaspAgDxfmWPZ4YOPGl5ra3Dex67TbtghFq260Sg4GOcqZf4O8Dps%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba94df056c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | | 14 kB |
URL: 1win-cdn.com/img/1win%20games.9b8574150.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 2d4acf4103cafa6ab55bb6122411c957 2bd26a08d40440581d9a9ec37e7211af2ff12203 a23445289aa832f816d723d4fae6867c6fb52c695538e1edd30c41d60ca45fa7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4286
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba2bf7a56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: ff6e70b8dcaa140230b55f10f2e5d15e 2cc86dd9ba81e662df895d67f71d9872da89e59c 2949c582111d9f8c2b6485b2accc4296d9778869046ef0f24727667ad086a15b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1115
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba4d9e256bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 172.67.181.254 | 200 OK | 5.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | IP: 172.67.181.254:443
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 271896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WE5uU6Oidxqwh5SRMsIPpFwHxukdGDL58N0%2F5vjnySLmu%2BmeclbvGUXaEvbicnR%2Bc5DQpvPkuTGV%2FdI13oUHL8JPfgu8Saff04RDJBzaOSCWw4E19I7Fp6Rpx3gmZdlO%2F5rryfRG9us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab688256c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif | 172.67.181.254 | 200 OK | 6.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif | IP: 172.67.181.254:443
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 45ccd50f5dfaf7808c6795422417f214 38499698cec05af36aa2bc0e390952e400486003 50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
x-request-id: vlwtQiswla1uj5KnUB_aU
cf-cache-status: HIT
age: 257301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=atRHOeZbEQYwDc6OjjJwtI6cGvvfmumsT8rIelqktQN3SH4ohoxytgNweKleHbJ6UkZ%2FHlnYUkIn6i4en3BMWjUFo4Sbwf%2FBJe%2Fk0vt8K0TV1BOsd6xjk1QSjO7gqFX%2FHRhMykGf2iA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab687356c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 172.67.181.254 | | 5.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | IP: 172.67.181.254:0
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 4ed163b7295ee97d380351dd868d4216 6987db5ad9f1b684e98e657aacb7dd38706e6a34 f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 268063
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrMyEkdEsm%2BsqH5EJ2YUejpuXLENm%2BD5yVcMZeLKJNR8qGh3Udj8dl9PPdlYQquYfiTSBilCTPJLh%2B%2B5eI%2FwSZ6KNVxjQFPbCFHaw487Twk79ope4sRB%2F1rCga3evupgA0%2FmoLksv6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab689056c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | | 5.6 kB |
URL: 1win-cdn.com/img/wazdan.1cf2cebcc.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: f6c61ec3862aa58819688b4c356dfa41 eb5142f2d16ec902844965dc9bcd9afc03847e48 503b9ef580c504c62bf3f9f843c326e0f21300e75c6ec869d6c85d073a37a700
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4017
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba86ea456bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | 172.67.181.254 | | 11 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | IP: 172.67.181.254:0
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 69589818044ff973aa67c696e7e394fd 0f03ad92c7eb38789b111436be2e733faad871a4 11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 257301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eqeEpV0HDjnPNRRnI%2FcMxYgi66kXgc6MhaAvYZkGD7r7ersGp0%2BCNpXWc2XWto09kdxFOFT852m%2Fv%2FBo%2FmHJeweW8KU9CNITjAlGYZ5Zf1hTDznFAsJ8ulM%2Fj8oWluHJwc6Fac6fXmM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab587156c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | 172.67.181.254 | | 6.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | IP: 172.67.181.254:0
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: e96a71a5fe56033b87ca3809fb4fab55 22b9068fece941bf32a6e67885ea41fd70233ac6 e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 271896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iaoNuQNQQKERzkNTacf3zu%2F5WToeArzdm0ePdlR5wDIKhSm2T3KqM3npnplsMmBBMcDfYT6FbznQq%2Bp8k6jBA8Q8b6nKacS0IfrM2Ed05gq7sTGfb5I2oJO6kWp1I4WtecKGtBQBvl0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab689856c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | 172.67.181.254 | 200 OK | 7.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | IP: 172.67.181.254:443
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 91cb93c7b3bcfdaf5be22dd889c68647 20c0af4b44bfe11283e15f237fa8c762a10d4711 c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 257301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ym%2FNW2nV937Ne7eRAxPncVZqHVWJ%2BxqDy%2FD5KJfi1950iXdHSCtu%2Fpj9SZ3ZX7n%2B92UhW5rrdbM%2B117ueoZ0rcnQT8i0ukG0vDJaNzEv2EJ8EMmcvEBVuZkEr9Qo5QaWPo9v5j9%2FK5A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab789e56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | | 18 kB |
URL: 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 591549a6ca1bdf3c1201ea18264038ee 98eb097ebf60181c20977f72d3f5e5f961321c7a 2dd76ac54d02b0cbf4de5f00e6ecc99f30dda721803f0febde0be6d021feb5ee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3937
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba4091856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/agt.893343a61.svg | 154.197.121.128 | | 42 kB |
URL: 1win-cdn.com/img/agt.893343a61.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4ee19685bcfc476d9bb815d733477389 256e948deaea176c3d918dad6897f47a0612866e 294a71af8c1a6c0656320c97483039471e5df67c26d61a1a6ad7f37906992785
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4229
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba4293f56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | 172.67.181.254 | 200 OK | 6.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | IP: 172.67.181.254:443
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 4e7067f0087797bc8a2752288c82d468 7a97f30b9cf7b7c0167847006aefcd3411e4c414 626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 263197
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2FGsIr%2F%2BYKl%2Bl2yio2qp8UKAD4Bh80Z3KrhfbhJ5ysgZvhS7MXV5hyubdENHymz5BU86vN50pJ49qew1kpkGk8SNQI8xtx7zZglYVHcs7WUTKSUCF4SSoiaUHVqFvyVTLqs4AhWqOUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab98e056c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wwvs.com/firebase/8.1.1/firebase-app.js | 190.115.24.78 | | 21 kB |
URL: 1wwvs.com/firebase/8.1.1/firebase-app.js | IP: 190.115.24.78:0
Certificate | Issuer: Let's Encrypt | Subject: 1wwvs.com | Fingerprint: EA:DA:40:5C:68:3A:CA:F7:47:8D:6C:DE:0D:EA:85:14:EF:5C:DE:13 | Validity: Wed, 08 May 2024 17:01:29 GMT - Tue, 06 Aug 2024 17:01:28 GMT
File type: JavaScript source, ASCII text, with very long lines (19927) | Hash: 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wwvs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __ddg1_=N0oaF6Yk8maT24ZIxYQo; visit_domain=1wwvs.com; core-sticky=http://10.233.72.201:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIwYzczYmI4MS1kNjI0LTRlNDAtYjNiNC1mNjhiZWM1NTkxNDIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzcwODgzNTEzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM3MDg4MzU3MSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/js/46719.c1d2eb9c5.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 983ae5e66a073353a0060563b0c7c62e 9642ed5741b435e00b6ba90852b3f0fda635fcef 47aaac2798ebdc901b6a8c10b0fa044ee001dfc55ac25c22b7b7c2b785e21483
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Mon, 08 May 2034 19:54:45 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 875718
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba3381956bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | | 1.5 kB |
URL: 1win-cdn.com/img/netgame.8e28ed366.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 77f66d6a20f0cbe9bdf18335f3f38917 ffdcba367c134f36f8b92c49c28ecb8606c347fe f15b6f381e912d5a7331954b9356816d065dcb220496f4e5042b7637b46d9922
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba75d5456bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=105206376.1715370888&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=290825140 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=105206376.1715370888&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=290825140 | IP: 142.250.74.163:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.google.no | Fingerprint: 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 | Validity: Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type: GIF image data, version 89a, 1 x 1 | Hash: d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=105206376.1715370888&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=290825140 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 19:54:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwvs.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=8440 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwvs.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=8440 IP216.239.32.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwvs.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=8440 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wwvs.com
date: Fri, 10 May 2024 19:54:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/a?v=3&t=l&pid=1205758320&rv=4580&u=AAAAAAAIAAAAAIA&h=Ag&gtm=45je4580v894728184za200&ccid=94728184&cid=G-548949LWLW&l=L4174.S68.B59.E1504.I3384.EC10.TC16.HTC0~gtm.init.S1.V1.TS5ogtautoevents.TI19.TE3.TS5ogtcookiesettings.TI21.TE1.TS5ogtipmark.TI22.TE1.TS5ogtipmark.TI23.TE1.TS5ogtipmark.TI24.TE0.TS5ogt1pdatav2.TI27.TE3.TS5ccdgalast.TI28.TE0.TS5ccdautoredact.TI29.TE2.TS5ccdconversionmarking.TI30.TE0.TS5ccdempageview.TI31.TE2.TS5ccdgaregscope.TI32.TE3.TS5ogtgooglesignals.TI33.TE4.TS5setproductsettings.TI34.TE1.TS5ccdgafirst.TI35.TE1~*.S0.V0.E1470~*.S0.V0.E1470~*.S0.V0.E1469~*.S0.V0.E1469~*.S1.V0.TS5gct.TI16.TE0~*.S0.V0.E1450~gtm.dom.S0.V0.E1450~gtm.load.S1.V0.E1450~gtm.init_consent.S1.V1.TS5ogtdma.TI25.TE2~GA4268 | 142.250.74.40 | 200 OK | 0 B |
URL GET HTTP/3www.googletagmanager.com/a?v=3&t=l&pid=1205758320&rv=4580&u=AAAAAAAIAAAAAIA&h=Ag&gtm=45je4580v894728184za200&ccid=94728184&cid=G-548949LWLW&l=L4174.S68.B59.E1504.I3384.EC10.TC16.HTC0~gtm.init.S1.V1.TS5ogtautoevents.TI19.TE3.TS5ogtcookiesettings.TI21.TE1.TS5ogtipmark.TI22.TE1.TS5ogtipmark.TI23.TE1.TS5ogtipmark.TI24.TE0.TS5ogt1pdatav2.TI27.TE3.TS5ccdgalast.TI28.TE0.TS5ccdautoredact.TI29.TE2.TS5ccdconversionmarking.TI30.TE0.TS5ccdempageview.TI31.TE2.TS5ccdgaregscope.TI32.TE3.TS5ogtgooglesignals.TI33.TE4.TS5setproductsettings.TI34.TE1.TS5ccdgafirst.TI35.TE1~*.S0.V0.E1470~*.S0.V0.E1470~*.S0.V0.E1469~*.S0.V0.E1469~*.S1.V0.TS5gct.TI16.TE0~*.S0.V0.E1450~gtm.dom.S0.V0.E1450~gtm.load.S1.V0.E1450~gtm.init_consent.S1.V1.TS5ogtdma.TI25.TE2~GA4268 IP142.250.74.40:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a?v=3&t=l&pid=1205758320&rv=4580&u=AAAAAAAIAAAAAIA&h=Ag&gtm=45je4580v894728184za200&ccid=94728184&cid=G-548949LWLW&l=L4174.S68.B59.E1504.I3384.EC10.TC16.HTC0~gtm.init.S1.V1.TS5ogtautoevents.TI19.TE3.TS5ogtcookiesettings.TI21.TE1.TS5ogtipmark.TI22.TE1.TS5ogtipmark.TI23.TE1.TS5ogtipmark.TI24.TE0.TS5ogt1pdatav2.TI27.TE3.TS5ccdgalast.TI28.TE0.TS5ccdautoredact.TI29.TE2.TS5ccdconversionmarking.TI30.TE0.TS5ccdempageview.TI31.TE2.TS5ccdgaregscope.TI32.TE3.TS5ogtgooglesignals.TI33.TE4.TS5setproductsettings.TI34.TE1.TS5ccdgafirst.TI35.TE1~*.S0.V0.E1470~*.S0.V0.E1470~*.S0.V0.E1469~*.S0.V0.E1469~*.S1.V0.TS5gct.TI16.TE0~*.S0.V0.E1450~gtm.dom.S0.V0.E1450~gtm.load.S1.V0.E1450~gtm.init_consent.S1.V1.TS5ogtdma.TI25.TE2~GA4268 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 19:54:49 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwvs.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwvs.com&tfd=14928 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwvs.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwvs.com&tfd=14928 IP216.239.32.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715370883810&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=105206376.1715370888&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715370888&sct=1&seg=0&dl=https%3A%2F%2F1wwvs.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwvs.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwvs.com&tfd=14928 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wwvs.com
date: Fri, 10 May 2024 19:54:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp | 154.197.121.128 | | 48 kB |
URL 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp IP154.197.121.128:0 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash5495ba7e07dc7a05a6008b8585bca92b f8dadc060dcf17862805f72d7815c9b9b119375e 570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:03 GMT
content-type: image/webp
content-length: 47816
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3
expires: Fri, 10 May 2024 23:55:03 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7c14484256bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus.75b0226c8-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/21win-cdn.com/img/bonus.75b0226c8-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash8c760c7064f0128ae142377fd17b2a06 edfcaffb6cd42075bfecedd2153fd44764d69df7 32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 19:55:03 GMT
content-type: image/webp
content-length: 47824
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3
expires: Fri, 10 May 2024 23:55:03 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7c14484656bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET HTTP/21win-cdn.com/img/rubyplay.b4553f39e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3858ea5c6be5319073b0453eac475c1b 72be49666df66401b531cfe9658ae2b64f897b0b fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7cde856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sa%20gaming.396c34ca4.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/sa%20gaming.396c34ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hasheec27b0a30619e016eae50d11f9a53b9 ff3da2add15102d508e5f361ba5fef6c01bafcc4 d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 552
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7cdef56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/uefa.093dd4fef.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/uefa.093dd4fef.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash252f6dec5cdba134798b102acab7283f a159330042e787e62a548cbf2dc4dcb59a00fced 7bcf663e19c650e822b1f795b49a01535cc7994e2aaf701b8b3f7a98fbbd9696
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4021
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fab6556bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/js/46665.703cfe1de.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators Hash530c1fc3208b67ba84edf563465386ad d2ae074df39f95da703f5a582a2dadec59962e2c 82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Mon, 08 May 2034 19:54:45 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 876117
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba3e8f356bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/relax.1a68769f8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashd29d9c49a3e8be4842246e8b658651b1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3279
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7bdbd56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/netent.95417a961.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash24c2a93da817e20deb8796b20655510d e0e0acc2a55fd9623907272dac8f96c8f30360c6 01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4586
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba74d5056bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png IP0.0.0.0:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/revolver.25aaacada.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1134
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7bdd756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 172.67.181.254 | 200 OK | 9.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif IP172.67.181.254:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash7eb2cba4654091d306b65c6fe0a8f631 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 271896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zz7sMcxXMM6GwDp6G3jPkMn5Yl388l1QqetYzed4fUKfrSkUTVAkpA7f5fFKrxv9U9my7JgqoVMdyuRCiAdEu2QSwqZV7%2FNt93E%2FahIKxr7QidRia9FC7a2sf90cYoO4KaMIdllFgBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7bab88d856c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/edict.ca67383de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7794e14088c92dc44e186b65dfd0782b f81ec0b93e38339b2e2f8f94d2f7c568b8943fff c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1429
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba56ad556bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/betraja.5cf6f15c0-75.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 75 x 75, 8-bit colormap, non-interlaced Hash2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-496"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 2669
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fbb7b56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 7.0 kB |
URL GET HTTP/21win-cdn.com/img/superlotto.0b2069aeb.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash128046b1d7f6f312cc287763f0c22336 4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1 8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1472
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba81e4556bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/desktop.916d40f3f.css | 154.197.121.128 | 200 OK | 74 kB |
URL: GET HTTP/2 1win-cdn.com/css/desktop.916d40f3f.css; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (65536), with no line terminators; Hash 51c6f2c7a39234d9d61b540fd4da7f5c 019a5c21cdb9372330136e8bd5482b856b213842 65b38b11c54688030a8e2a3293fe595ceca56b8a053fe5ea7b099ac220480bb6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Mon, 08 May 2034 19:54:42 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 200215
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b92bcce56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL: GET HTTP/2 1win-cdn.com/js/20420.30b3c996e.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators; Hash 41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Mon, 08 May 2034 19:54:45 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 876117
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba4fa3156bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/habanero.92654c79c.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 9d25ca67fcccda561c314873654994a8 0e5592059d8c6114a25d0affd4af7e50e44d36af e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4549
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba6ccb256bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL: GET HTTP/2 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 600 x 295, 8-bit colormap, non-interlaced; Hash b924bd42443557a1ef9d41f043ddf175 a9db601e2941557cba7e3e688390aa43e8411e2e 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-5414"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9b8ebc56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/wta.c6d5e2ef3.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 040d7f0a9e965031fe2520530582a5d3 015a448fc7cbd8ca0b74360915ee71513921dbc1 fac8ba2fc8936b7a7f9faf5e0f94031ec8ad096c8094f026fc5fb67d5b2bff59
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 644
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fab6b56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 924 B |
URL: GET HTTP/2 1win-cdn.com/img/fifa.604717ea7.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 27cf15a53b2412f9ed5eed8d31e3e42c 7e36a8980f616c440e2be62e539ea1dbd932f668 da435f1ef957744b70f4ce88d8463e883b23601054fc39e53c31a80536ec590f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3076
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fbb7656bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57552.ee60d28a1.js | 154.197.121.128 | 200 OK | 75 kB |
URL: GET HTTP/2 1win-cdn.com/js/57552.ee60d28a1.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash 3640868f35b73089eee8ce1f80955ad1 80e813108a8b082c210e8139451264d1e45bf4be a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57552.ee60d28a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1262b"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872853
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b982a9a56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 841 B |
URL: GET HTTP/2 1win-cdn.com/img/hacksaw.5f0e80ecd.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 3371207f99abc98b9fb8ae8e13877c7c 82efe0611bab5262b245fbc98522a20bb2fc6529 ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3279
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba6ecda56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 952 B |
URL: GET HTTP/2 1win-cdn.com/js/8653.ed7806659.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (994), with no line terminators; Hash 1a63c0338e50d3b4dfe4a7cea9098d20 3915a35a401582840fc4139f2a94260a8cc21c12 5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 867225
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9bdf3456bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL: GET HTTP/2 1win-cdn.com/js/90511.4bc374431.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators; Hash a148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 862449
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9b2e5a56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/gamebeat.5649e97f9.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash f47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4230
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba5fb9756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fugaso.1a40d61ad.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash fbe83afa72fe7a858d1fcd467a7e3acb 5dc85aabeac449d7287662a7b6ffe2936e447b84 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4017
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba5db5b56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1471
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba3a8ac56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba80e3956bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL: GET HTTP/2 1win-cdn.com/img/worldmatch.9f3d40aa7.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash c3aab966ecda4dadceb7b556b4205478 e8e501768b244593d7e5a59b6a7cf77e3b0d4581 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3279
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba87eae56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL: GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators; Hash 53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 875718
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9aee0b56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/kalamba.6e06f7faa.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba70cf856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/salsa.8d18d113d.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash 8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 552
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7ee0456bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/turbo%20games.0a45ae56b.svg; IP 154.197.121.128:443; ASN #328608 Africa-on-Cloud-AS
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash a3d3ed5aaed2f3fd7a089aa6b6e00aea d366f4c84c203fd116575a62676b89bcd97c5816 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1472
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba85e8b56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 695 B |
URL: GET HTTP/2 1win-cdn.com/img/games%20inc.64fb099a0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 3d90ca2a78e19006ff1926510ed316d4 0becc591fcf773fa9e56396884dfd0f963a46e73 e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1472
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba61bf556bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3741
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba52a7c56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 3.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fantasma.8f4e2392c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 2b6e488681e5af743e430cce2f0c2187 5a3102291017d617e6346a59664b1ec7eece4423 f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3742
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba5cb4c56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win-normal.34748aac6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 95
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9acddf56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/18860.cc0fd1e0e.js | 154.197.121.128 | 200 OK | 28 kB |
URL: GET HTTP/2 1win-cdn.com/js/18860.cc0fd1e0e.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (27990), with no line terminators | Hash: 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Mon, 08 May 2034 19:54:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 371285
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b939de756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| | 190.115.24.78 | 200 OK | 438 kB |
URL: User Request GET HTTP/2 | IP: 190.115.24.78:443
Certificate | Issuer: Let's Encrypt | Subject: 1wwvs.com | Fingerprint: EA:DA:40:5C:68:3A:CA:F7:47:8D:6C:DE:0D:EA:85:14:EF:5C:DE:13 | Validity: Wed, 08 May 2024 17:01:29 GMT - Tue, 06 Aug 2024 17:01:28 GMT
Size: 438 kB (438350 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 1wwvs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=N0oaF6Yk8maT24ZIxYQo; Domain=.1wwvs.com; HttpOnly; Path=/; Expires=Sat, 10-May-2025 19:54:40 GMT
date: Fri, 10 May 2024 19:54:40 GMT
content-type: text/html; charset=utf-8
x-request-id: rARNfi7FqlC9NAPm
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wwvs.com
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: cccb25968af8377b09aaabb6aac79736 84938c2eeb2043bd681550b012601b0b0a2395b0 59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4229
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba2cf7d56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL: GET HTTP/2 1win-cdn.com/img/zillion.c0e3dd6f0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: d9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba87ebc56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 720 kB (719644 bytes) | Hash: 344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/webp
content-length: 719644
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9c7ffd56bd-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cq9.5d5072e17.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 47469c2cd9d79b1305e3e02f76d0dc24 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3741
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba55abb56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 643 B |
URL: GET HTTP/2 1win-cdn.com/img/gamomat.593230062.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: bfaa3d42e6ab264b9080e74f867e85de 5026f5b14a42af9eaaf3d09468fa27728287cdae 9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1134
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba65c3f56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/gameart.7beff0d18.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba5eb8f56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/liw.134f23084.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 552
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba73d2856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spearhead.27c37f3dd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: b7d0037b4b499acbf11a3a7d22d9f7e8 b4a122e841ea28158af2f35adaf0b802713ffda3 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1134
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba81e3d56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 172.67.181.254 | 200 OK | 5.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | IP: 172.67.181.254:443
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: baf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 271864
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvtqPp9vY6KCNWD0BV%2FOjG7SE13QW9x1X4aA4eI7HhkhoM9s6Pf83fk1ezilnFxKIBTp517CH%2BoGDuXr3ON1l5ibRGrxsjH3Af%2FpeUTiXsBCTtRKsFvm9G64vZDTFAMjrsRdrJ%2Brw1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba2bd2256c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/atp.e87cf2801.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 3fc6d0c6036c51b4dfe66e116e849214 86ce1aaadafc27a3777f00411012d449f3ae9637 8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 514
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9fbb7156bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/cyberslots.988fdd12e.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: aeeace00abaabb5ae6a47e900873f09b d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba55ac756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/endorphina.20b721ba6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: a89aae2f962bcb01ecb8e3ddd113b797 706e09d5fa8312ec4cd3c7ca606ad19edca158d9 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1831
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba57ae756bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/genii.367222bbe.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 237593257bbdb3559e06330cf7e76c54 c3e1a90bb3397fff3428fdd71d2a4d7df74ea164 2b84c2a6e55531b52b615ebaba90cd7bb757fe1399e901927b4aba9f1718b097
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba67c5656bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.35 | 200 OK | 514 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | IP: 142.250.74.35:443
Certificate | Issuer: Google Trust Services LLC | Subject: *.gstatic.com | Fingerprint: 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD | Validity: Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: JavaScript source, ASCII text, with very long lines (632) | Size: 514 kB (514225 bytes) | Hash: add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwvs.com
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 358931
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 121 kB (121043 bytes) | Hash: 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Mon, 08 May 2034 19:54:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872854
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9c0f6e56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.53e277048.js | 154.197.121.128 | 200 OK | 201 kB |
URL: GET HTTP/2 1win-cdn.com/js/index.53e277048.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 201 kB (201376 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/index.53e277048.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-312a0"
expires: Mon, 08 May 2034 19:54:40 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 8417
set-cookie: __cf_bm=t23iEdnGiv3DeHc2P2dnTmx.BNkJDyJeEa6VnyZ8CXU-1715370880-1.0.1.1-C7T7nOL9erGEQCedpjCriM8bhAcdw9WkHkiVntCh1O4lbS81zM0y0.7G9wF0cpn1A9sbmVAacvkgol.4tIRtsw; path=/; expires=Fri, 10-May-24 20:24:40 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b833b7c56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4750
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba52a8656bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/onetouch.b026a50c5.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: f04cb7d15621db8eda5af2216a4f824f a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba77d7956bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spinmatic.f74cf69af.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 12c6733c47b71d93b36447dcb999d080 f6440015ef35215d9009b4f08340145df1f7d9e1 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1140
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba81e4056bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | IP: 0.0.0.0:0
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/dummy/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL: GET HTTP/2 1win-cdn.com/img/apparat.f7a706d8e.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: c263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:45 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3934
expires: Fri, 10 May 2024 23:54:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba4b9cb56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/ezugi.a9c66babd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4769
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba5bb4056bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: b322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 552
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba7bdba56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL: GET HTTP/2 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 361 kB (360930 bytes) | Hash: 3da44652926631bc4fc847cfcbad6c71 a5f7955272162e543d5db897e200d00d3af22b22 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:44 GMT
content-type: image/webp
content-length: 360930
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: "663e5971-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 551
expires: Fri, 10 May 2024 23:54:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b9cb83656bd-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png | IP: 0.0.0.0:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 71eb5806fcdd473839d2654d03c3fd5e 76a63507f2c2a26ffc343182aaa5d3278197ab88 dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4586
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba78d8c56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL: GET HTTP/2 1win-cdn.com/img/swintt.7c851d380.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 90e9054f87471fee18244fbfaa5c2434 e4f14ab709714096c57f1e9941c4f28aacdae8f0 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Cookie: __cf_bm=Wq3EX7zczwCS9p_ulHYQmQqDou7Iht4EtZFlteAdx38-1715370880-1.0.1.1-0IX2ip5qCEd0q5X0XQzxXmIMQeNsrPpD6nTviJIdKZHDg6ObzYKpDPfcAtgcKlUNWWf8jmGQ8l1EQStFlDgLmQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:46 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1391
expires: Fri, 10 May 2024 23:54:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7ba82e4e56bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-common.1cc012ae5.js | 154.197.121.128 | 200 OK | 192 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-common.1cc012ae5.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 192 kB (191566 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/chunk-common.1cc012ae5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwvs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 19:54:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ec4e"
expires: Mon, 08 May 2034 19:54:40 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 163371
set-cookie: __cf_bm=ztjtiDHFBa.aNfOLL3g1XkgW2XOyEbFVxhE8Pt4ABk4-1715370880-1.0.1.1-GPXFSYEfn..BLex9mNSXRIHUndBwTnFzJ3RHmM289ujp_sVjcqcz_g3lOjSHswveeMOL50o4nWF_XSuWVuH48Q; path=/; expires=Fri, 10-May-24 20:24:40 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c7b833b7856bd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|