Report - aviatoroficial.com/wp-content/

Report Overview

Submitted URL
aviatoroficial.com/wp-content/
IP
193.168.131.85
ASN
#35278 Sprinthost.ru LLC
Submitted
2024-05-07 18:20:57
Access
public
Website Title
Anmeldung | SwissPass
Final URL
1win-pro.kz/sola/
Tags
swosspass phishing transport
urlquery detections
Phishing - SwissPass

Detections

urlquery
29
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1win-pro.kz	unknown	2023-06-07	2023-06-07	2023-08-26	10 kB	263 kB	193.168.131.85
userstatics.com	unknown	2020-11-05	2020-11-06	2024-05-03	436 B	809 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-06	medium	1win-pro.kz/sola/	SBB

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed
2024-05-07	medium	1win-pro.kz	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	1win-pro.kz/sola/js/jquery-20200819.js	97 kB	2023-11-18	2024-05-19
Pretty URL 1win-pro.kz/sola/js/jquery-20200819.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-18 18:24:47 Last Seen2024-05-19 09:13:54 Times Seen349 Hash b6c9978c306ef264158551c140a4c475 a8316d0f66cc97376d60ae86a47c7efb3b8134ac 2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb Loading...

	1win-pro.kz/sola/	122 B	2023-04-01	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-19 09:13:54 Times Seen689 Hash 713aeea58cd01d7b9ac09bfcea2367e1 0edb9d4d94e7eaec5ece698656d35f26913eb570 cebaedab49b32eba60e39fd9412496c01d842a714005e33c90a1a6bdfc60a558 Loading...

	1win-pro.kz/sola/js/modernizr-20200819.js	7.8 kB	2023-11-18	2024-05-19
Pretty URL 1win-pro.kz/sola/js/modernizr-20200819.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-18 18:24:47 Last Seen2024-05-19 09:13:54 Times Seen421 Hash 1fa235981d7cbf5eb6098a7523afc383 b764fad44ab2448d9924c2b0cf73ccee7b768c16 7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc Loading...

	1win-pro.kz/sola/	1.2 kB	2024-02-24	2024-05-15
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-24 11:55:29 Last Seen2024-05-15 07:14:23 Times Seen56 Hash 0003a35913d88e064084cdc8757c5a10 87e8484e41958958700a8adfbef092b4eb59d978 78ff2848f2b16000ceb27138b4a6472562f94609f64e1b7bf011e048b278f036 Loading...

	1win-pro.kz/sola/js/swisspass.min-20200819.js	99 kB	2023-11-18	2024-05-19
Pretty URL 1win-pro.kz/sola/js/swisspass.min-20200819.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-18 18:24:47 Last Seen2024-05-19 09:13:54 Times Seen248 Hash a8deceea0458745a7c0f562c65e01e27 850c4796889f9173e30e016916155941cab3ae31 9c50211b34ab0377f3b35c243c98e402315127bfa5b51e147cb22c702174ca60 Loading...

	1win-pro.kz/sola/	1.3 kB	2023-04-01	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-19 09:13:54 Times Seen689 Hash 801a46fa9aeeaf954acd83bf806928d9 1f04f3395a9267b3b49f05e332faaf526083d8f8 bb0e4a47c01bfbef3dfe6bab3fa0c8b411b201a287702a2722d155bd1a1b6298 Loading...

	1win-pro.kz/sola/js/otSDKStub.js	21 kB	2023-12-11	2024-05-15
Pretty URL 1win-pro.kz/sola/js/otSDKStub.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-11 10:24:41 Last Seen2024-05-15 07:14:23 Times Seen17214 Hash 2f292f6a7adb6a596ad8f4393d846320 2d0c36d9bb4485ac0fbdf3d21afd24b55ba9ffdd 6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7 Loading...

	1win-pro.kz/sola/	78 B	2023-04-01	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-19 09:13:54 Times Seen689 Hash d4f26d1da47678006e67e5fd79a88ad9 fe725245d62d62b88207e35da5fceb09e43aac50 d7d7889cb348f7e9cf13d05d8eeea3a489b72e8ab58bb74d2cf729a3ab1d0377 Loading...

	1win-pro.kz/sola/	3.6 kB	2023-04-01	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-19 09:13:54 Times Seen688 Hash 399145ad4b661f389b189a7859447fca 8f84097c65c1ae82fa7c9f44af016277d44f5489 d79ff28f0b8b29873e29747e25953c44056b945cfd7d66bc16442950676deed1 Loading...

	1win-pro.kz/sola/	874 B	2023-04-01	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 10:47:26 Last Seen2024-05-19 09:13:54 Times Seen688 Hash 1f11ff1516de147edbc859172b88b90f ff41ecad197c7a41e95c051691f24f7c4809ecce ec11e1250a7ae1b1b398c4c87c7faff45940cebf586c6ace0a61bc0cfbffce47 Loading...

	1win-pro.kz/sola/js/launch-6cc731e967aa.min.js	127 kB	2023-11-23	2024-05-15
Pretty URL 1win-pro.kz/sola/js/launch-6cc731e967aa.min.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 03:47:24 Last Seen2024-05-15 07:14:23 Times Seen1198 Hash d5bf712a6ebd7590bb155ad6e1290f49 7161acdca9b24c3189fe2d8e9807faee2cccd345 f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357 Loading...

	1win-pro.kz/sola/js/vendor.min-20200819.js	180 kB	2024-02-24	2024-05-15
Pretty URL 1win-pro.kz/sola/js/vendor.min-20200819.js IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 11:55:29 Last Seen2024-05-15 07:14:23 Times Seen69 Hash 8f916bd4e6cfe62afe2cae47700cb217 a00a66f4035990b014b1184c7d8ce0ad761c0204 233ddeda2a0fbeee053d13f25669fe187bdef4fe708aacfadddd560905d209f1 Loading...

	1win-pro.kz/sola/	0 B	2023-03-07	2024-05-19
Pretty URL 1win-pro.kz/sola/ IP 193.168.131.85 ASN #35278 Sprinthost.ru LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 17:01:55 Times Seen37835173 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	userstatics.com/get/script.js?referrer=https://1win-pro.kz/sola/	133 B	2023-11-04	2024-05-19
Pretty URL userstatics.com/get/script.js?referrer=https://1win-pro.kz/sola/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-04 00:48:23 Last Seen2024-05-19 12:37:32 Times Seen1011 Hash fea7fbf2c619fd4b7716fcaa64070c6c f192732937981a26f526b7c1293a2ae13bc59a22 df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26 Loading...

HTTP Transactions (21)

URL IP Response Size

1win-pro.kz/sola/js/modernizr-20200819.js

193.168.131.85

200 OK

3.5 kB

URL GET HTTP/2
1win-pro.kz/sola/js/modernizr-20200819.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (7466), with CRLF line terminators
Size
3.5 kB (3456 bytes)
Hash
1fa235981d7cbf5eb6098a7523afc383
b764fad44ab2448d9924c2b0cf73ccee7b768c16
7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/modernizr-20200819.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:43 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-1e5c"
expires: Tue, 14 May 2024 15:52:43 GMT
cache-control: max-age=604800
content-encoding: br
age: 8871
content-length: 3456
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/css/sso.min-20200819.css

193.168.131.85

200 OK

22 kB

URL GET HTTP/2
1win-pro.kz/sola/css/sso.min-20200819.css
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (22020 bytes)
Hash
2ddb1225dc6584163d71ce40e8de59a7
7a609fb32c570a34fd49d22756b3d0290da9aea3
c365cf63e0edecc072b99e919e45604dfbca32ec0a19dac39275c9c67d334caf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/css/sso.min-20200819.css HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:27:06 GMT
content-type: text/css
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-2ce1f"
expires: Tue, 14 May 2024 15:27:06 GMT
cache-control: max-age=604800
content-encoding: br
age: 10407
content-length: 22020
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/

193.168.131.85

200 OK

13 kB

URL User Request GET HTTP/2
1win-pro.kz/sola/
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
gzip compressed data, from Unix
Size
13 kB (12827 bytes)
Hash
09f570a2d9b2f9108d044db1e467b299
9f559fc5139db4f354d4cd6ab503ac9b64e190b8
c82eecf70e131871b2879d4e215bfe6c38ca3232aca21b5d7f78e509927f6b04

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
OpenPhish	phishing	SBB
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/ HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=ZicbXGANuX5TBTYgnicj; Domain=.1win-pro.kz; HttpOnly; Path=/; Expires=Wed, 07-May-2025 18:20:32 GMT
date: Tue, 07 May 2024 18:20:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

1win-pro.kz/sola/images/logo_text_de-20200819.svg

193.168.131.85

200 OK

14 kB

URL GET HTTP/2
1win-pro.kz/sola/images/logo_text_de-20200819.svg
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14476 bytes)
Hash
512410d9227bb0c2481e175dce0eda72
1deb5d9f09592101e632a8351865d54b1d6a27f7
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/images/logo_text_de-20200819.svg HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:27:07 GMT
content-type: image/svg+xml
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-222c3"
expires: Tue, 14 May 2024 15:27:07 GMT
cache-control: max-age=604800
content-encoding: br
age: 10407
content-length: 14476
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/launch-6cc731e967aa.min.js

193.168.131.85

200 OK

38 kB

URL GET HTTP/2
1win-pro.kz/sola/js/launch-6cc731e967aa.min.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (32765)
Size
38 kB (38310 bytes)
Hash
d5bf712a6ebd7590bb155ad6e1290f49
7161acdca9b24c3189fe2d8e9807faee2cccd345
f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/launch-6cc731e967aa.min.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:44 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-1efde"
expires: Tue, 14 May 2024 15:52:44 GMT
cache-control: max-age=604800
content-encoding: br
age: 8869
content-length: 38310
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/images/logo-20200819.svg

193.168.131.85

200 OK

2.5 kB

URL GET HTTP/2
1win-pro.kz/sola/images/logo-20200819.svg
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2490 bytes)
Hash
795242580bfa3135028bd0750fdc1654
2c344b6662e62ddbdba49f635e1c33a827fe75d4
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/images/logo-20200819.svg HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:43 GMT
content-type: image/svg+xml
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-1cce"
expires: Tue, 14 May 2024 15:52:43 GMT
cache-control: max-age=604800
content-encoding: br
age: 8871
content-length: 2490
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/images/loader-20200819.png

193.168.131.85

200 OK

272 B

URL GET HTTP/2
1win-pro.kz/sola/images/loader-20200819.png
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
PNG image data, 24 x 24, 4-bit colormap, non-interlaced
Size
272 B (272 bytes)
Hash
1a7ca896940219da5393e26600e0ee7b
558e1d3bad16b2faa7527f1f3133e21bf89cd507
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/images/loader-20200819.png HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Mon, 06 May 2024 14:52:20 GMT
content-type: image/png
content-length: 272
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
etag: "659534cc-110"
expires: Mon, 13 May 2024 14:52:20 GMT
cache-control: max-age=604800
accept-ranges: bytes
age: 98893
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/jquery-20200819.js

193.168.131.85

200 OK

33 kB

URL GET HTTP/2
1win-pro.kz/sola/js/jquery-20200819.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (32060), with CRLF line terminators
Size
33 kB (33390 bytes)
Hash
b6c9978c306ef264158551c140a4c475
a8316d0f66cc97376d60ae86a47c7efb3b8134ac
2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/jquery-20200819.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:44 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-17c58"
expires: Tue, 14 May 2024 15:52:44 GMT
cache-control: max-age=604800
content-encoding: br
age: 8869
content-length: 33390
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/vendor.min-20200819.js

193.168.131.85

200 OK

52 kB

URL GET HTTP/2
1win-pro.kz/sola/js/vendor.min-20200819.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
52 kB (51752 bytes)
Hash
8f916bd4e6cfe62afe2cae47700cb217
a00a66f4035990b014b1184c7d8ce0ad761c0204
233ddeda2a0fbeee053d13f25669fe187bdef4fe708aacfadddd560905d209f1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/vendor.min-20200819.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:44 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:58 GMT
vary: Accept-Encoding
etag: W/"659534ce-2beeb"
expires: Tue, 14 May 2024 15:52:44 GMT
cache-control: max-age=604800
content-encoding: br
age: 8869
content-length: 51752
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/swisspass.min-20200819.js

193.168.131.85

200 OK

24 kB

URL GET HTTP/2
1win-pro.kz/sola/js/swisspass.min-20200819.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (24366 bytes)
Hash
a8deceea0458745a7c0f562c65e01e27
850c4796889f9173e30e016916155941cab3ae31
9c50211b34ab0377f3b35c243c98e402315127bfa5b51e147cb22c702174ca60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/swisspass.min-20200819.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:44 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-18410"
expires: Tue, 14 May 2024 15:52:44 GMT
cache-control: max-age=604800
content-encoding: br
age: 8869
content-length: 24366
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/fonts/SBBWeb-Light.woff2

193.168.131.85

200 OK

14 kB

URL GET HTTP/2
1win-pro.kz/sola/fonts/SBBWeb-Light.woff2
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14212, version 1.0
Size
14 kB (14212 bytes)
Hash
8b70a44a98a0ac5d721df7d8f5136f7b
10e10c01e732f3d35a78e1051bfcc9fe2589ddda
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/fonts/SBBWeb-Light.woff2 HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/css/sso.min-20200819.css
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 17:02:25 GMT
content-type: application/octet-stream
content-length: 14212
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
etag: "659534cc-3784"
expires: Tue, 14 May 2024 17:02:25 GMT
cache-control: max-age=604800
accept-ranges: bytes
age: 4688
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/fonts/icomoon/icomoon.woff2?7m5yri

193.168.131.85

404 Not Found

292 B

URL GET HTTP/2
1win-pro.kz/fonts/icomoon/icomoon.woff2?7m5yri
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text
Size
292 B (292 bytes)
Hash
e1f511543e539abbe5e4091a36aa9865
fc2753bb52f386fde25c1112b6b5c5c3573c27fa
981c454d49c96326ffa7672a78ba68636f72c75f7b624c98a14d8cfdb361533e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/icomoon/icomoon.woff2?7m5yri HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/css/sso.min-20200819.css
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-length: 292
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-pro.kz/fonts/icomoon/icomoon.woff?7m5yri

193.168.131.85

404 Not Found

291 B

URL GET HTTP/2
1win-pro.kz/fonts/icomoon/icomoon.woff?7m5yri
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text
Size
291 B (291 bytes)
Hash
c0d50c629cf16e1081e102d3b8c3c35e
970454aefa48659e16921823e275793a83f17661
b41e2333019708f5b31f99f2167ce818bb3b3de20172953759fa09117f627a9b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/icomoon/icomoon.woff?7m5yri HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/css/sso.min-20200819.css
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj; pa_privacy=%22optin%22; _pctx=%7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAEaoALBABMhMAB9UANwDuABzABrAJ5gQAXyA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-length: 291
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json

193.168.131.85

404 Not Found

11 kB

URL GET HTTP/2
1win-pro.kz/sola/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text
Size
11 kB (10762 bytes)
Hash
dd5af51cf369f160178ee80ac25ebf27
386d3a332bfcfa98ebcc5390b69f43f9e6af3f9d
cb5fc44f3f69ab7603b48f7aad0851236952845e3757b67fce9f0e0990b3d83d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-pro.kz/sola/resources/img/login_bg.jpg

193.168.131.85

404 Not Found

4.8 kB

URL GET HTTP/2
1win-pro.kz/sola/resources/img/login_bg.jpg
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text
Size
4.8 kB (4789 bytes)
Hash
3ffbda7d67861b01984e8d8f3b8d0fb8
60f6f58d35b4c6e06ab88a8da15c02e46bdeffcd
d9b3062449c1f96a21c7c0f8950c8040ee16d8780cdc07e0be0d91bf52f5320a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/resources/img/login_bg.jpg HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: PHPREFS=full; __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-pro.kz/fonts/icomoon/icomoon.ttf?7m5yri

193.168.131.85

404 Not Found

290 B

URL GET HTTP/2
1win-pro.kz/fonts/icomoon/icomoon.ttf?7m5yri
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text, with very long lines (301), with no line terminators
Size
290 B (290 bytes)
Hash
a46522be02ede44ef8fbba9b72885110
58fa513ec2d85df5f16fd1c4fe453811859cc126
b39f4c65c8f8bb566aa9fc07c2568e64cc490c5cb9bfb65fecf3f62919bed934

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/icomoon/icomoon.ttf?7m5yri HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/css/sso.min-20200819.css
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj; pa_privacy=%22optin%22; _pctx=%7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAEaoALBABMhMAB9UANwDuABzABrAJ5gQAXyA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-pro.kz/idp/co-branding?resource=co-branding&lang=de&provider=

193.168.131.85

404 Not Found

280 B

URL GET HTTP/2
1win-pro.kz/idp/co-branding?resource=co-branding&lang=de&provider=
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text, with no line terminators
Size
280 B (280 bytes)
Hash
7922a96477f9ddae9c9ce2079759ddd4
4bb9110383eac502c359a57e0e10a79922a81b2d
2282a9d3b7ff0d8e59fc650386cad739e3b548f49ca67900dd9788ed9c4ff680

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /idp/co-branding?resource=co-branding&lang=de&provider= HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

userstatics.com/get/script.js?referrer=https://1win-pro.kz/sola/

0.0.0.0

0 B

URL GET
userstatics.com/get/script.js?referrer=https://1win-pro.kz/sola/
IP
0.0.0.0:0
ASN
#0

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subjectuserstatics.com
FingerprintAB:62:24:6D:5D:BB:D9:D8:00:B7:CB:47:DD:7C:74:69:C8:48:16:49
ValidityThu, 28 Mar 2024 13:34:23 GMT - Wed, 26 Jun 2024 13:34:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /get/script.js?referrer=https://1win-pro.kz/sola/ HTTP/1.1
Host: userstatics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:20:34 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/8.2.1
access-control-allow-origin: https://1win-pro.kz
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgIUCydz8U9cydd08MzEISY9jJLzUR7j8JrYy3Z79Uz8ipZ1rC8s6gdblL%2FTQtZLYchV0nH2dF99%2FJKohp2whajb%2BJbhqbrOL%2FTTGNBe1O4ETl6a5Lc022uGhQwjH5LM2UY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803398a6a05568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-pro.kz/sola/js/otSDKStub.js

193.168.131.85

200 OK

21 kB

URL GET HTTP/2
1win-pro.kz/sola/js/otSDKStub.js
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
JavaScript source, ASCII text, with very long lines (21099)
Size
21 kB (21100 bytes)
Hash
2f292f6a7adb6a596ad8f4393d846320
2d0c36d9bb4485ac0fbdf3d21afd24b55ba9ffdd
6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/js/otSDKStub.js HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: __ddg1_=ZicbXGANuX5TBTYgnicj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 15:52:43 GMT
content-type: application/x-javascript
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
vary: Accept-Encoding
etag: W/"659534cc-526c"
expires: Tue, 14 May 2024 15:52:43 GMT
cache-control: max-age=604800
content-encoding: br
age: 8870
content-length: 6799
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-pro.kz/sola/resources/ico/apple-touch-icon-precomposed-20200819.png

193.168.131.85

404 Not Found

325 B

URL GET HTTP/2
1win-pro.kz/sola/resources/ico/apple-touch-icon-precomposed-20200819.png
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
HTML document, ASCII text, with very long lines (336), with no line terminators
Size
325 B (325 bytes)
Hash
2d0a0280749c52bd0119bee03c9e4fca
0684ea9c1493f8d12620c986d52ef37d7508b6ed
7b7dc9c685d329bb200ae8245e6201601c8e4edfafca545af0cd3e035239e8f7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/resources/ico/apple-touch-icon-precomposed-20200819.png HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: PHPREFS=full; __ddg1_=ZicbXGANuX5TBTYgnicj; pa_privacy=%22optin%22; _pctx=%7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAEaoALBABMhMAB9UANwDuABzABrAJ5gQAXyA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: ddos-guard
date: Tue, 07 May 2024 18:20:33 GMT
content-type: text/html; charset=iso-8859-1
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-pro.kz/sola/favicon.ico

193.168.131.85

200 OK

1.2 kB

URL GET HTTP/2
1win-pro.kz/sola/favicon.ico
IP
193.168.131.85:443
ASN
#35278 Sprinthost.ru LLC

Requested by
https://1win-pro.kz/sola/
Certificate
IssuerLet's Encrypt
Subject1win-pro.kz
Fingerprint13:51:1F:5B:AD:15:EC:A1:F0:3C:FD:3D:17:46:71:3F:E8:83:3B:24
ValidityMon, 08 Apr 2024 21:35:14 GMT - Sun, 07 Jul 2024 21:35:13 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
6d866d9c4568bf7fc03e597e74ce7e28
e1b3d9f0e9cdcb785a94b6c1e1fe651a4ff98dcb
7c1925da382279a72f94990d0a1456f78918619f35780ea0905e4ae0db684677

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - SwissPass
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sola/favicon.ico HTTP/1.1
Host: 1win-pro.kz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-pro.kz/sola/
Cookie: PHPREFS=full; __ddg1_=ZicbXGANuX5TBTYgnicj; pa_privacy=%22optin%22; _pctx=%7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAEaoALBABMhMAB9UANwDuABzABrAJ5gQAXyA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Mon, 06 May 2024 18:22:14 GMT
content-type: image/x-icon
last-modified: Wed, 03 Jan 2024 10:19:56 GMT
etag: W/"659534cc-47e"
expires: Mon, 13 May 2024 18:22:14 GMT
cache-control: max-age=604800
accept-ranges: bytes
age: 86300
ddg-cache-status: HIT
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML