Report - 1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1

Report Overview

Submitted URL
1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
IP
190.115.24.78
ASN
#59692 IQWeb FZ-LLC
Submitted
2024-05-04 16:02:10
Access
public
Website Title
1win
Final URL
1wtsso.life/v3/aviator-fortune-wheel?
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2001-02-26	2016-04-05	2024-05-03	585 B	578 B	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-04	1.7 kB	864 B	216.239.32.36
1wtsso.life	unknown	unknown	No data	No data	10 kB	588 kB	190.115.24.78
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-03	1.8 kB	362 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed
2024-05-04	medium	1wtsso.life	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	366 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 15:06:09 Last Seen2024-05-04 21:38:12 Times Seen4 Hash 0c1443858d8b4bf5862df8e4528dded6 a64e5752d9b236df96b9d362371037a810f52c1a de9ad9725cd37a13b39498a2f559a660d46b7a9bc86390470b23e97744808594 Loading...

	unknown	317 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 08:15:32 Last Seen2024-05-18 08:40:26 Times Seen22 Hash e9fe7cf10fc485b4a799637103165af7 44d71eff2240b2b91640137130267f9c0935ce50 2d58e0d47b9f3ce8a6eb7eaea7d3b80ec2667177f307ceab869a8d05688eebf9 Loading...

	unknown	351 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 08:15:32 Last Seen2024-05-18 08:40:26 Times Seen22 Hash 6e5d8e7020d5ea8518ff418159b2c449 23c3d97d478a31792f7c8015ee996024d757e447 019fd2b2e2962821bba76ce4b655f57177e243d4cdb59b8abd54a31c98eb5bc9 Loading...

	1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1	3.0 kB	2023-10-24	2024-05-18
Pretty URL 1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 17:39:51 Last Seen2024-05-18 08:26:15 Times Seen136 Hash b69442c8805fbe9fb0be0d9671d0acf7 0dbe79cf79574b95076c0b4eade7fc9314074b67 45ea98a4007c992d67da469da7d5f5d0ae34af0c390bce75873c0360215ce44c Loading...

	unknown	320 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 08:15:32 Last Seen2024-05-18 08:40:26 Times Seen22 Hash a3dc02f9a446c1d0b92d1d255f6d6aca dc38346494ef01492ac98581b80e1a5d54c17cc4 0f50264484c77b2ca8495900cd9d92dea396e31dbd233e9f2b45262210b1a899 Loading...

	unknown	320 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 08:15:32 Last Seen2024-05-18 08:40:26 Times Seen22 Hash 2b18aeec9bf5b10fc112b55307c20140 865d1eaee49062b257e747372bb7a9c9196c95b7 f4b1aa1cd6c26cb12c7bee93581f3f63e4d9d99fc3b1f2dc7c148b5e4a32430a Loading...

	unknown	320 B	2024-04-25	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 08:15:32 Last Seen2024-05-18 08:40:25 Times Seen19 Hash 847af62d0cb678130fd7a8084f939f99 d5f6efd2037821f54d88bf1d7ef6f8650f02ebb0 fe74299e19a3cb50a36b7247ebced910ad35e35764897b465bd1467e62b23d44 Loading...

	1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1	500 B	2023-10-24	2024-05-18
Pretty URL 1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 17:39:51 Last Seen2024-05-18 08:26:16 Times Seen136 Hash 4231b98643503d9e0e3074b85536dae7 4b3496ff695be3ce156b4f525e7ce3023bbb5a04 701b6e1c448f28dff6dd03ef945ca8dd1b3c4cb8f677ba62b86233763e4cee35 Loading...

	1wtsso.life/v3/aviator-fortune-wheel/assets/index-b1b91dcf.js	125 kB	2024-04-30	2024-05-04
Pretty URL 1wtsso.life/v3/aviator-fortune-wheel/assets/index-b1b91dcf.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 01:30:55 Last Seen2024-05-04 18:02:18 Times Seen6 Hash f069ef747497342a0adf68fe1b9a33bc 9bbc97a443f85786d3b9e02e883e66a522ab6821 1171263498bddd50798a6554bcc3bb54c637262c33a589af96cd49828aca7e14 Loading...

	unknown	409 B	2023-03-10	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-18 08:40:25 Times Seen1485 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	unknown	468 B	2023-05-19	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 10:04:18 Last Seen2024-05-18 08:26:15 Times Seen175 Hash f4aa10577822d528d7d95fbb8ce8d1f1 d9f3ad1a724192488e547dc9a46784badde74113 ffc6fc82ac2dd2be4163a30990ce2952502dfa4b88e7e52eb65ea20c9796929a Loading...

	unknown	421 B	2023-03-12	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-18 08:40:25 Times Seen1485 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	unknown	287 B	2023-09-10	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-10 00:55:10 Last Seen2024-05-07 19:40:36 Times Seen161 Hash 66822daf496a288ba191a460bf51c7f1 453c95b3b2b2ce229bd4d80c2d7970dc2708a6f3 75aec4091c9860658b914b7d7d07f6ed242a14102ea73dbaa236195fc8f2ae70 Loading...

	unknown	199 B	2024-05-03	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-06 23:12:04 Times Seen14 Hash c0ed801b112fd4a63e7c440e74a11f64 6fbdd9c1584d2afd786e4b1172dec3bb31e24046 b8a56d443900bfee5335b20da8fc6ab167185133dddc40231ab24da65fdaef96 Loading...

	unknown	347 B	2023-09-18	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 10:51:18 Last Seen2024-05-18 08:40:25 Times Seen118 Hash dc24919eb26f2a63e544bd26e58a23a5 3811cea125d31352f3a20cca521d82d9a3469cb4 beb1db9cfddf40682243dee231991acb8b2a04a25c061d0a3ec489ba38355310 Loading...

	unknown	351 B	2023-06-26	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-18 08:40:25 Times Seen809 Hash 0673c7f330c1ac44ad83205bb517e3de 3890b0da1d481f37cee66b2f8d97a4ca2edf40b9 58cca9fb8425db78c1b9abd4e83fae44a378bf2eff7875d4e0d2154643139c13 Loading...

	unknown	351 B	2023-11-19	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 21:19:45 Last Seen2024-05-18 08:40:26 Times Seen21 Hash a235f44140440780f5c675186a6a33ad dc142b172e6fdf7da1894480766a438812f1c706 4d77fd2cb0b381da2865b06fcef7bb23cb1a456097347216116326eaae76aae5 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	253 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:02:17 Last Seen2024-05-04 21:38:14 Times Seen4 Hash ddeaab27f8f5b49485c0156a3f0a6b7f dae835121e51545d54ac4bd90f499291dbaeb4cc 767ac7029ac821fb34dac1cda4dd1a9ab9626040096fb27bae3d8f38b164eed6 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	263 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:02:18 Last Seen2024-05-04 18:02:18 Times Seen2 Hash 332ca6b9a4e30af55889f808fc16b149 e9ea432020140a52ce492a629ea66cc0aa2bcc61 f41b2d88bac14f9952a3b01f567719d88b2f0ad0bf5a4cbcbc621e6c8927b79e Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	204 kB	2024-05-04	2024-05-04
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:02:18 Last Seen2024-05-04 18:02:18 Times Seen2 Hash b7b4dfa2902cc45ef641e7de5db34470 c08378c1676ad5e65ec2b586c516c4662ac4ccf5 1e42f720571dfd381191c89578f572a2125cd13a4a36c108719cc8cce5f8ff41 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-18
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-18 08:40:26 Times Seen818 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (24)

URL IP Response Size

1wtsso.life/v3/aviator-fortune-wheel/assets/index-b1b91dcf.js

190.115.24.78

200 OK

36 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/index-b1b91dcf.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34972)
Size
36 kB (35825 bytes)
Hash
f069ef747497342a0adf68fe1b9a33bc
9bbc97a443f85786d3b9e02e883e66a522ab6821
1171263498bddd50798a6554bcc3bb54c637262c33a589af96cd49828aca7e14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/index-b1b91dcf.js HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:52:57 GMT
content-type: application/javascript
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-1e9e9"
age: 4128
content-length: 35825
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css

190.115.24.78

200 OK

5.2 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
ASCII text, with very long lines (27986)
Size
5.2 kB (5237 bytes)
Hash
50af75fca359d93e7f01fb2b583f623a
9ad180241305d47697ded21bbbe4c77c65d28a3d
998fd568b39eaeee0442fdcebcf9d91045854b2bb4cec3e4607f9941856856a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/index-998fd568.css HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:43 GMT
content-type: text/css
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-6d53"
age: 4621
content-length: 5237
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/img/logo/logo.svg

190.115.24.78

200 OK

2.0 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/img/logo/logo.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (2014 bytes)
Hash
ba27fb9d4014988fc7265a496e58707f
0f998059be8924deb891e503d0e144834b530da9
b95859d9bb8d6684ec30c19bf00acb5ea323ff30eb155ce2fa30b053c98a011e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/img/logo/logo.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:43 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-1453"
age: 4621
content-length: 2014
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/flags/flags.svg

190.115.24.78

200 OK

42 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/flags/flags.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
42 kB (41917 bytes)
Hash
a92bcc34e96e6149bbbf43a1bc9c52d8
cebda3ba8b9260a4de36e6f8ab10e4f192c882bc
46f7c85353be615eb961fca31f10d696cc75f317786b29fc250028fd70a081e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/flags/flags.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:44 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-2f71c"
age: 4620
content-length: 41917
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/img/wheel/wheel-sprite.svg

190.115.24.78

200 OK

1.1 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/img/wheel/wheel-sprite.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1054 bytes)
Hash
6439fc014b64f52880f54ea4a8f0e822
8980278996b6451c5ebd21a3b9ae6194cd216ab1
d0e462db3b129508fdc18a56fe6e5673546ec1bc65ac41e0aea0322a129d96ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/img/wheel/wheel-sprite.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:44 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-b3e"
age: 4620
content-length: 1054
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/sprites/form-sprite.svg

190.115.24.78

200 OK

972 B

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/sprites/form-sprite.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
972 B (972 bytes)
Hash
5d84dacb892c665bc273d5135dab8648
3467d74a1b31fca2271e6b3359c39adde9e58c2f
05e953033ae3e658b5446465f2ac81e96fa9cc3104ace6469a18b1655bc56acf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/sprites/form-sprite.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:44 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-a3e"
age: 4620
content-length: 972
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/background-body-1b46dd1b.svg

190.115.24.78

200 OK

505 B

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/background-body-1b46dd1b.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
505 B (505 bytes)
Hash
94d688a46e21e4ebf2e41ff85c97e3e8
680819ade7a866cc379d74c936a89c355ade091a
1b46dd1b6c113a0b15de655eae7244683b3055e38f5b9f7d90fa2f12389d6213

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/background-body-1b46dd1b.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:44 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-c36"
age: 4620
content-length: 505
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/plane-background-bfe3a236.svg

190.115.24.78

200 OK

1.8 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/plane-background-bfe3a236.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1809 bytes)
Hash
c700c17f6caf6473e6b50d4b6c7ad1b7
ceb12f486b21c00953c28554b0588cd908fde01d
bfe3a236f95d439f20c90ca6861e7c6b690b435c19a800c55942e1c74a635fbc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/plane-background-bfe3a236.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:45:37 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-f1f"
age: 4567
content-length: 1809
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/wheel-background-2f0830b2.svg

190.115.24.78

200 OK

130 B

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/wheel-background-2f0830b2.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
130 B (130 bytes)
Hash
64b88816cf1d30bdd9ae21bcf66fe7ee
9ab1b55af37f24941a622fb99fd54652ed53f011
2f0830b2331c5213c1791b534bc144b1ed0db4623bb42e6041198062eae460a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/wheel-background-2f0830b2.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:44:43 GMT
content-type: image/svg+xml
accept-ranges: bytes
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: br
etag: "65f303f8-aa"
age: 4621
content-length: 130
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Regular-f536bae0.woff2

190.115.24.78

200 OK

103 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Regular-f536bae0.woff2
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 103152, version 3.1245
Size
103 kB (103152 bytes)
Hash
5891e05821cbf2402b6dd3f4a84cfe12
43371fc7dd74393cb3f1de7f500164b4156a7a50
f536bae011685cdeb84a3ec10450fd024d62536949d870582f4651cd47404067

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/Inter-Regular-f536bae0.woff2 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 30 Apr 2024 21:48:23 GMT
content-type: font/woff2
content-length: 103152
accept-ranges: bytes
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-192f0"
age: 324802
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-ExtraBold-9a3b0ab4.woff2

190.115.24.78

200 OK

112 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-ExtraBold-9a3b0ab4.woff2
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 112048, version 3.1245
Size
112 kB (112048 bytes)
Hash
1cec0b5ab0d8902d2863446f33ce5b63
973753eb1254976025b41946648c53fd6907b71d
9a3b0ab41e62faadd1d744d43c783f5f66b7c58e60cfc37075f153ce4a75351e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/Inter-ExtraBold-9a3b0ab4.woff2 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Tue, 30 Apr 2024 21:26:10 GMT
content-type: font/woff2
content-length: 112048
accept-ranges: bytes
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-1b5b0"
age: 326135
ddg-cache-status: HIT
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.168

200 OK

106 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size
106 kB (106330 bytes)
Hash
0c1443858d8b4bf5862df8e4528dded6
a64e5752d9b236df96b9d362371037a810f52c1a
de9ad9725cd37a13b39498a2f559a660d46b7a9bc86390470b23e97744808594

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:01:45 GMT
expires: Sat, 04 May 2024 16:01:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106330
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Bold-b5d5e626.woff2

190.115.24.78

200 OK

112 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Bold-b5d5e626.woff2
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 111736, version 3.1245
Size
112 kB (111736 bytes)
Hash
68011c0b032270d83de4f546ce48bf57
d1e442dbf714552c132e26d55da0234d61b305ff
b5d5e626a01da63aa252c7c469046a0f31ef2c2c9c09a176213eb0e6290d83f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/Inter-Bold-b5d5e626.woff2 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Wed, 01 May 2024 17:16:43 GMT
content-type: font/woff2
content-length: 111736
accept-ranges: bytes
etag: "65f303f8-1b478"
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
age: 254702
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Medium-aaa02aa0.woff2

190.115.24.78

200 OK

111 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/assets/Inter-Medium-aaa02aa0.woff2
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 111192, version 3.1245
Size
111 kB (111192 bytes)
Hash
823f35a845a9dfbf9800c8a37b635269
c3064c7e34213e30493c6a972f3d66f4d145885b
aaa02aa09b0bc5bc5c57095aaa6e15bea07480136e9aab705f69886daa213325

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/assets/Inter-Medium-aaa02aa0.woff2 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel/assets/index-998fd568.css
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Wed, 01 May 2024 00:36:23 GMT
content-type: font/woff2
content-length: 111192
accept-ranges: bytes
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f8-1b258"
age: 314723
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/favicon/android-icon-512x512.png

190.115.24.78

200 OK

10 kB

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/favicon/android-icon-512x512.png
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
10 kB (10129 bytes)
Hash
822df36448d97877853abf2cce421ddb
be6c97c312a28bd1a458e90cdaff592e38163f5e
8707e7b56f89a25ba382128e12ba37988d4afe442f33bc3a5b34a2a04a692667

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/favicon/android-icon-512x512.png HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1; core-sticky=http://10.233.80.55:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:46:12 GMT
content-type: image/png
accept-ranges: bytes
content-encoding: gzip
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-2b40"
age: 4533
content-length: 10129
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wtsso.life/v3/aviator-fortune-wheel/favicon/favicon.svg

190.115.24.78

200 OK

486 B

URL GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel/favicon/favicon.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
SVG Scalable Vector Graphics image
Size
486 B (486 bytes)
Hash
d2260239c47a557dc50312dc01cbad3f
dac1c20799be1d52a444de7c1838d4e38fc06c93
da27421d59a3829fd6292f822eed7c6b1b7a745870d6b736dc67220627d9d656

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel/favicon/favicon.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1; core-sticky=http://10.233.80.55:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 14:46:32 GMT
content-type: image/svg+xml
accept-ranges: bytes
content-encoding: br
last-modified: Thu, 14 Mar 2024 14:04:39 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: "65f303f7-5b5"
age: 4513
content-length: 486
ddg-cache-status: HIT
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c

142.250.74.168

200 OK

87 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
87 kB (87444 bytes)
Hash
ddeaab27f8f5b49485c0156a3f0a6b7f
dae835121e51545d54ac4bd90f499291dbaeb4cc
767ac7029ac821fb34dac1cda4dd1a9ab9626040096fb27bae3d8f38b164eed6

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:01:45 GMT
expires: Sat, 04 May 2024 16:01:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87444
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
92 kB (91465 bytes)
Hash
332ca6b9a4e30af55889f808fc16b149
e9ea432020140a52ce492a629ea66cc0aa2bcc61
f41b2d88bac14f9952a3b01f567719d88b2f0ad0bf5a4cbcbc621e6c8927b79e

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:01:45 GMT
expires: Sat, 04 May 2024 16:01:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91465
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.168

200 OK

74 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
74 kB (73914 bytes)
Hash
b7b4dfa2902cc45ef641e7de5db34470
c08378c1676ad5e65ec2b586c516c4662ac4ccf5
1e42f720571dfd381191c89578f572a2125cd13a4a36c108719cc8cce5f8ff41

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:01:45 GMT
expires: Sat, 04 May 2024 16:01:45 GMT
cache-control: private, max-age=900
last-modified: Sat, 04 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1wtsso.life/affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3D3997762a67a9db66d0396a23ad8d06f1

190.115.24.78

200 OK

521 B

URL GET HTTP/2
1wtsso.life/affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3D3997762a67a9db66d0396a23ad8d06f1
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type
gzip compressed data, from Unix
Size
521 B (521 bytes)
Hash
d64839ec0b831738b1a016739717a0da
1f2471e6d615eb7677d2ac5a7bf6dcf30141394d
1c9c003546a5231355ffd1f2faa1a8a2da65cab092a46fa54ae43872ada1fe0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3D3997762a67a9db66d0396a23ad8d06f1 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/v3/aviator-fortune-wheel?
Cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; visit_domain=1wtsso.life; sub_ids=sub1=3997762a67a9db66d0396a23ad8d06f1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 16:01:45 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.80.55:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=433977750.1714838506&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=660106282

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=433977750.1714838506&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=660106282
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=433977750.1714838506&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=660106282 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 04 May 2024 16:01:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&tfd=1416

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&tfd=1416
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&tfd=1416 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wtsso.life
date: Sat, 04 May 2024 16:01:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=(not_set)&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&ep.device_type=desktop&ep.platform=en&ep.os=other&ep.domain=1wtsso.life&tfd=6425

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=(not_set)&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&ep.device_type=desktop&ep.platform=en&ep.os=other&ep.domain=1wtsso.life&tfd=6425
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714838504806&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=433977750.1714838506&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2Fv3%2Faviator-fortune-wheel&sid=1714838505&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel&dt=1win&en=(not_set)&ep.page_url=https%3A%2F%2F1wtsso.life%2Fv3%2Faviator-fortune-wheel%3F&ep.device_type=desktop&ep.platform=en&ep.os=other&ep.domain=1wtsso.life&tfd=6425 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wtsso.life
date: Sat, 04 May 2024 16:01:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1

190.115.24.78

200 OK

42 kB

URL User Request GET HTTP/2
1wtsso.life/v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subject1wtsso.life
FingerprintED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0
ValidityFri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT

File type

Size
42 kB (42240 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v3/aviator-fortune-wheel?sub1=3997762a67a9db66d0396a23ad8d06f1 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=zX40Z7Ti7Vp7Wv754sDM; Domain=.1wtsso.life; HttpOnly; Path=/; Expires=Sun, 04-May-2025 16:01:44 GMT
date: Sat, 04 May 2024 16:01:44 GMT
content-type: text/html
accept-ranges: bytes
content-encoding: gzip
etag: "65f303f8-a500"
last-modified: Thu, 14 Mar 2024 14:04:40 GMT
vary: Accept-Encoding
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML