Report - 1wwyv.top/

Report Overview

Submitted URL
1wwyv.top/
IP
190.115.24.78
ASN
#59692 IQWeb FZ-LLC
Submitted
2024-05-10 05:45:13
Access
public
Website Title
1win
Final URL
1wwyv.top/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
238

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-09	2.5 kB	1.3 kB	216.239.34.36
1win-cdn.com	unknown	2022-12-12	2022-12-12	2024-05-08	59 kB	3.7 MB	154.197.121.128
1wwyv.top	unknown	2023-12-27	2022-03-06	2024-03-24	2.8 kB	56 kB	190.115.24.78
1win.direct	unknown	2022-08-16	2022-08-16	2024-04-30	599 B	233 B	134.122.54.186
imgproxy.1win-cdn.com	unknown	2022-12-12	2022-12-22	2024-04-30	13 kB	174 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	902 B	168 kB	142.250.74.168
www.google.no	25607	2001-02-26	2016-04-05	2024-05-09	591 B	578 B	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (79)

	URL	Size	First Seen	Last Seen
	1wwyv.top/	398 kB	2024-05-09	2024-05-11
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 16:06:05 Last Seen2024-05-11 00:48:13 Times Seen15 Hash 5ce135d1fb50395a428a21dbebaee49c 29c8073a776474454d41b354a4d3fec3fe53ea5d ca9e79d2214654d3ecb5cfd410b65b8f4dc242dc9b46e33e143c00372adf04f1 Loading...

	1wwyv.top/	275 B	2024-05-09	2024-05-10
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 05:16:26 Last Seen2024-05-10 09:38:16 Times Seen13 Hash 6013f66f4b2085b76054df9fc5e6e56e c1094a220346151b233c7aee380fe5ef9bb6e16f 698fc68e4824bdd6249aa0349a168eeaf0cc0c4172dcfdf4a953429212976a42 Loading...

	1win-cdn.com/js/62825.cf3a1caf6.js	736 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/62825.cf3a1caf6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen352 Hash 28e8d81ce74785fd3e402ba70f30570e ac5e4809cee47c9ac0f08221da5ab8358986d564 a7928d556c13082bd24d471ea1824a8771b146b4010e05159c35dddc32927c18 Loading...

	1win-cdn.com/js/46665.703cfe1de.js	1.0 kB	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/46665.703cfe1de.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen445 Hash a8e8453b85165d96566b9b00409adb90 ba4c50613470a3fc260501bdc9fedad671c0c21b c7909ffee12406973b236af27c311a6b83d035e1b134ff32a56c918195194c1b Loading...

	1wwyv.top/core-js/3.33.3/minified.js	244 kB	2023-11-30	2024-05-20
Pretty URL 1wwyv.top/core-js/3.33.3/minified.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06:40 Last Seen2024-05-20 07:56:49 Times Seen414 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1win-cdn.com/js/10400.f146ec26b.js	10 kB	2024-04-23	2024-05-14
Pretty URL 1win-cdn.com/js/10400.f146ec26b.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 21:53:40 Last Seen2024-05-14 20:25:18 Times Seen110 Hash 15eac69773e4a58c28d83941ba68a74d d7a102d8e5b17065207de75d40e50e4406ff6e4a 57cf3cf3d84271aa5926a0aea38039976c7778b8cf9e182e3b1412211339994b Loading...

	1win-cdn.com/js/88971.a170f9f22.js	529 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/88971.a170f9f22.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen319 Hash 88e4f6d7cb0faf6b16c158636a8553bf 357a27adf1b5615ee1897f13e0de0344254d9bea ad7459bd9492984b70993c16807c05a1b962c1e366d793cdd5646259f02b34c2 Loading...

	1win-cdn.com/js/46719.c1d2eb9c5.js	527 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/46719.c1d2eb9c5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-20 07:56:49 Times Seen326 Hash 4aed1e3e32871424dc1c549529ea26b8 1d2f8b2c24659b65a6c8fd249b156d8f668d46fa 579590204e7c01d12d85ed9d70750b3260a0212c70a9fdb264bce2a83449721a Loading...

	1wwyv.top/	25 B	2023-07-19	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-20 07:56:49 Times Seen806 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1win-cdn.com/js/32005.5701eb106.js	9.3 kB	2024-05-07	2024-05-20
Pretty URL 1win-cdn.com/js/32005.5701eb106.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:52 Last Seen2024-05-20 07:56:49 Times Seen57 Hash 1fefe270c6ad1d582d8d3a9b5e0f4ba5 f40d1b45cd1b557e0dc683049f1476dd1b43993d 07e6355d73ec40ac0c272dd48e0679af4edf782cae6c0b5c9c9c2cbbf585e9ba Loading...

	1win-cdn.com/js/58988.1061f60b1.js	58 kB	2024-05-07	2024-05-14
Pretty URL 1win-cdn.com/js/58988.1061f60b1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-14 20:25:16 Times Seen29 Hash 00a0e92fe0516c2348f0d32d0f24e188 ae4c653dc67c0d7f603c2211595dca6b3428dd52 e3fb67b98f4011aeea175d52497fe529b2a1e9df2666dd000b28fa8942950f47 Loading...

	1win-cdn.com/js/62692.9dadb7398.js	847 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/62692.9dadb7398.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-20 07:56:49 Times Seen454 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	1win-cdn.com/js/28852.501b5fba6.js	906 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/28852.501b5fba6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen450 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	unknown	316 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 51e2b24c7620b63ffea046457fbc4af5 d9bcd9eb3b1a690e47f50fa5ba6383b3bc53b1a6 147b62c7a4294c2c35bc4030c5fd6ad0601b851f35879596b29e4215a3d63cc6 Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:10 Times Seen117 Hash b2cb4c2391077a9866f15278e2f22e28 b3c7c896176736a5c7964d09571b1d3db0a26a11 52ba3ec64c619c6ff3388e641a53b7e58ca9e9d92fab48f4da1128a3dba9de15 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	260 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:45:18 Last Seen2024-05-10 07:54:42 Times Seen3 Hash e87f891fef299c1dc131b904e9c8271a 4792c0e3d454d953921d5f8aa40d42faa5845ccf 5c7476821fccec6ab0fcabcb4505c5990d33ddb6cb1485ddf09d73da21d65d0e Loading...

	1win-cdn.com/js/20420.30b3c996e.js	573 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/20420.30b3c996e.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen445 Hash f5d89fb15e17f73b8c6bf23ec49acf32 451fa7acd3e8f232c6d8e5a9e2685226771fbb41 a763f290f9b6982825ca91925709d7ba82ca508514f91786fa29c44b4afa763a Loading...

	1wwyv.top/	5.0 kB	2024-05-03	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-20 07:56:49 Times Seen72 Hash bfbec13abf687324d384873ac418bc73 f6058c01634ffc9a756dba5352b5044daf1df6a7 5f1f26b2b510665b395d61f61237b2a5d562554a423aa9fe4075ddb021b448ed Loading...

	1wwyv.top/	87 B	2023-07-19	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-20 07:56:49 Times Seen810 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	1wwyv.top/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-05-20
Pretty URL 1wwyv.top/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-20 07:56:50 Times Seen2209 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	unknown	456 B	2024-04-18	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-20 07:56:50 Times Seen121 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

	unknown	187 B	2024-05-08	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-20 10:09:38 Times Seen65 Hash c62663da65566d7648acad86d0716e74 04d1b6a0920e85c0ccb506bc2041716e881bff25 0c8c5787dccbe2d8b1b5a935a773c631ec8785dbdde7e3c24fa3e130c234bfe9 Loading...

	1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js	121 kB	2024-04-13	2024-05-16
Pretty URL 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:19:49 Last Seen2024-05-16 16:24:12 Times Seen183 Hash 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026 Loading...

	1win-cdn.com/js/desktop.b9c515d35.js	136 kB	2024-05-08	2024-05-12
Pretty URL 1win-cdn.com/js/desktop.b9c515d35.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-12 12:19:03 Times Seen45 Hash d7a9ad8bd4dcb4009607dc52a7e3f3d9 3b3035ec2737cd847dc6b3805a0b192f387ffb7a 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3 Loading...

	1win-cdn.com/js/48430.9af74daeb.js	1.2 kB	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/48430.9af74daeb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen453 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	373 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:45:18 Last Seen2024-05-10 07:45:18 Times Seen1 Hash 52961b126948e45bc89437cbcb1bfc2c 04cfc21f179da7c8899c49f90023777817189f2d 146bfe75ac3d3bfc63952ab503c774c2f5b2d038813e1dbc6cbf48f6fe05f02e Loading...

	unknown	351 B	2023-10-25	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 01:40:40 Last Seen2024-05-16 16:24:10 Times Seen127 Hash 50725e8bd51942770349d377e402887e 6fc749ca36fea5616e06fad9c3d730b40501ef97 480c402fbf1153a0a745e8cd392330a938c972ee0302364e3a252fd90c58f719 Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	204 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:45:18 Last Seen2024-05-10 07:45:19 Times Seen2 Hash 09241348ecef7327722125c713977a10 1dbdeb3e0f3de054c3ddc8ef45092f81c3a90203 265ab0c2bb5e21407f28e83e99a27b5b56157b643cf6c3e35773c090595deb92 Loading...

	1wwyv.top/	524 B	2023-10-13	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25:36 Last Seen2024-05-20 07:56:49 Times Seen654 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1wwyv.top/	113 B	2024-05-09	2024-05-10
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 05:16:26 Last Seen2024-05-10 09:38:17 Times Seen13 Hash 1ba36f0baa4e3caaf604ab00917cf2dc 04959b5e9107008e8d1f5272a3d90de23c196944 94bf1461d85fa937b24224f63a41889cd5515481b77cf65abe86d069d53d1f15 Loading...

	1win-cdn.com/js/745.e45080fd0.js	24 kB	2024-05-08	2024-05-16
Pretty URL 1win-cdn.com/js/745.e45080fd0.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-16 16:24:09 Times Seen36 Hash 35ecce18a88d19d86d2476cc0cb2cbc2 a150377fa230410a3ea30a4e45fb8cdc419ff807 2acdfd21589d8e628e58753c311dccbaab4380b8fcbf903b67b2f8f7ffdc6369 Loading...

	1win-cdn.com/js/35967.a72ac7974.js	958 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/35967.a72ac7974.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-20 07:56:49 Times Seen337 Hash 9806bcc449ce96d93fe65bcffdc05c40 1a041edc174e43e94299ee18ebdb25b7b49b3036 56aec7b45747b8a8d71302ffa3af8d1f05dda5ae85e3dcc26905549c63c251a6 Loading...

	1win-cdn.com/js/58258.98332d90c.js	2.7 kB	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/58258.98332d90c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen331 Hash 429e788491131cf7a26b1e1b4b80ee2e f03316b5749e994f600acf4730886b5be0d136f8 30993561b31b29a22b8b7e999f66952c341241534c5494303bcb8bc07b5ad3e3 Loading...

	1win-cdn.com/js/8653.ed7806659.js	952 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/8653.ed7806659.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen343 Hash 6cb37362c9f47f9da06554dee435ff92 e34a75d99c356fe77ecca00e4bf6ce46fbe51e6c 8c951bf88d9566dc954964f5498e4acc49f3080391c11c96500964f87ddf701d Loading...

	unknown	421 B	2023-03-12	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-20 10:09:38 Times Seen1493 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	unknown	199 B	2024-05-08	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-16 16:24:10 Times Seen54 Hash d91a91e2c91fb9b3214b286dde6c2689 9cd4256b11ab7cb5ed893a7be05447a6711c6ceb 3499d3874e9e3c424d57e6cc448c7d42a37a6b3cb28699a6ef2c70a9caf27e0f Loading...

	1win-cdn.com/js/78449.1776bac9f.js	786 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/78449.1776bac9f.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-20 07:56:49 Times Seen458 Hash c9e05b247ec4862225558c72b113350d 7708f2815c38e06b3f5ed4e9c6c98622b69e3f4a ba979bcf79cb56027207dfba2cb71ac9b41ad1f38b55a0977f72091dddaa6486 Loading...

	1wwyv.top/	168 B	2023-12-28	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15:05 Last Seen2024-05-20 07:56:50 Times Seen320 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1win-cdn.com/js/63502.d79807f7c.js	135 kB	2024-05-02	2024-05-14
Pretty URL 1win-cdn.com/js/63502.d79807f7c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:26:19 Last Seen2024-05-14 20:25:15 Times Seen95 Hash a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c Loading...

	1win-cdn.com/js/86359.48c462178.js	634 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-20 07:56:49 Times Seen440 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	1win-cdn.com/js/8726.6a357273b.js	664 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/8726.6a357273b.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen431 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	1win-cdn.com/js/1279.7681fe15f.js	911 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/1279.7681fe15f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen453 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	266 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 07:45:18 Last Seen2024-05-10 07:54:42 Times Seen3 Hash 948ff24e5a85379d9d34e29e415f98b2 f29b5f738a3783fb67985584089343f1e77a1643 d0814cbd523b2ee1a109a1228e83801bb13a70d2d584b1b508117aecf64f6a49 Loading...

	1wwyv.top/	4.2 kB	2024-03-30	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-20 07:56:50 Times Seen136 Hash f03d5c5d4651c5185cf95e29770acbf4 d228cd1a34da6c7d7a6fc2c3b3691d3578bd92f4 5ba081585bdcc91f38ed16b0cbdbf9dbfb3aef0886a4afa935f0a08ddf467088 Loading...

	1win-cdn.com/js/37061.57ea53f4c.js	25 kB	2024-04-26	2024-05-20
Pretty URL 1win-cdn.com/js/37061.57ea53f4c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 23:59:52 Last Seen2024-05-20 07:56:50 Times Seen124 Hash de6e0b19135b6714ea2184522788b0cb 0ef4cc5a6d0f2da9e4f29efdeef574fc55e04242 43ffcac2b1cb66acc051e53facf49692a2dbeca50e872059c1135f0fb39867aa Loading...

	unknown	320 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen51 Hash 4a3cee776b59bbcab837381d996ca47b 7117afc5c4f794658c2749d78bc3ec121b9cca02 ab0398c10ed50c9ddc450035ddbb1a62aef3bce3816ee9fdfec26ae40d949a14 Loading...

	1win-cdn.com/js/21758.b3eaa9414.js	415 kB	2024-05-09	2024-05-10
Pretty URL 1win-cdn.com/js/21758.b3eaa9414.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 05:16:26 Last Seen2024-05-10 09:38:17 Times Seen14 Hash 1419b97e561b995be2e28a1b97541d01 8524ac34163ce7a4f68ea2cea6ea552f48b23140 fc70becd82934a258ba4cf139a5e54751ad9ed071a37b6225b891ca46973a3ef Loading...

	1win-cdn.com/js/57652.297e4ecc2.js	647 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/57652.297e4ecc2.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen448 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	1win-cdn.com/js/41543.9ecf6875c.js	695 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/41543.9ecf6875c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen349 Hash 48813f2325a439cb966c5096fc8a810a fb44ed9fb85edbd34701708c1fa10cfaa3f07bcd de64ce06fbb042ecead3cf7684326db4f0c50ac26ba91a99d3399f7de24f6ded Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:11 Times Seen116 Hash 604b6a04bbd64c0897092ed7e30023bd 135732431cb91633a7fd90695a1ed085247b9564 02ddf8ff988206010b70dd08d64c44f99fbb459d3ae4cf60e41ded1cf1a995a0 Loading...

	1win-cdn.com/js/57460.093f52cba.js	438 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/57460.093f52cba.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen438 Hash 3940ad901c872d13b3f221d5d1753c90 d9543432f353b875d90ba22a0fe5d7edf3870d12 ffea5f4a3b9b89527a8eaa3be89086ffcb058b987b84dd614f314ec461a7b601 Loading...

	1wwyv.top/	4.9 kB	2024-01-25	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 13:18:38 Last Seen2024-05-20 07:56:50 Times Seen240 Hash e39e4e132bab588b54ac8c01ee1cb792 507d529821627dea59889e1d2557482357d13902 26314cf2ae26676e29acce35b798159216131c0d472c11651870d02526f9d210 Loading...

	1wwyv.top/	482 B	2024-03-30	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-20 07:56:50 Times Seen135 Hash bc24bbddaf09063aa5f8250aaa64f3d8 293f3dc4dff618fa2ce2cffd58b484ff36b79d63 464c0d2eb75f1905f967d1fc1a4809f063a3085f56f76d231234d78bb28d698f Loading...

	1win-cdn.com/js/chunk-common.1cc012ae5.js	192 kB	2024-05-09	2024-05-12
Pretty URL 1win-cdn.com/js/chunk-common.1cc012ae5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 05:16:25 Last Seen2024-05-12 12:19:03 Times Seen22 Hash b86572bd8c7a82bf388addaa1f5ee949 1d76ebb0bf015da6a366db97177e45c17dde3d8b 6d72e797e9fdad870d7831640a9b1847d2686a398eb07502afc3b2090b7ffef3 Loading...

	unknown	409 B	2023-03-10	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-20 10:09:38 Times Seen1493 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	1win-cdn.com/js/icons-pack-casino.fd47961dc.js	91 kB	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/icons-pack-casino.fd47961dc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:51 Times Seen756 Hash caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c Loading...

	unknown	351 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen50 Hash 854bbeef4da4e7f355ea80cd06cbb31d 45545b24df55eea5636382d66a348963a537d0d4 c66f458f84b04a73b2c8df2238388d0241f720405d8347bb7c0286a9c6ad22e9 Loading...

	1win-cdn.com/js/18860.cc0fd1e0e.js	28 kB	2024-04-18	2024-05-20
Pretty URL 1win-cdn.com/js/18860.cc0fd1e0e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-20 07:56:51 Times Seen211 Hash 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e Loading...

	1win-cdn.com/js/44101.cd5168bbb.js	33 kB	2024-04-24	2024-05-20
Pretty URL 1win-cdn.com/js/44101.cd5168bbb.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:59 Last Seen2024-05-20 07:56:51 Times Seen146 Hash 64fb718df447a3a994dcc6f6030b0488 6d312ce281fb912b3ff51e28e46239d55a7b7e8c fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932 Loading...

	1win-cdn.com/js/39061.47d3b467c.js	92 kB	2024-04-18	2024-05-14
Pretty URL 1win-cdn.com/js/39061.47d3b467c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-14 08:17:26 Times Seen103 Hash 83d4506e6f678aff3759f690c86c3f13 8419680dd653fa9af4ac1c81de16cd11e312ad66 9f7b5ebb4189e668f5f375ff48dc4821fffacf9b3881159702486e689c87cd72 Loading...

	1win-cdn.com/js/91217.fc8dbcaea.js	828 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/91217.fc8dbcaea.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen450 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	1win-cdn.com/js/38209.ce0dbb534.js	1.3 kB	2024-02-20	2024-05-20
Pretty URL 1win-cdn.com/js/38209.ce0dbb534.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:49 Last Seen2024-05-20 07:56:50 Times Seen174 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	1win-cdn.com/js/33700.8f8589382.js	992 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/33700.8f8589382.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen438 Hash cca468f1fe1bebf60fb88dadcdb78142 a7c820f160c6a07b014972f8aa63e9b38f6b7ec3 0093434135f55115e84e92ac20ecc0af0ff6f9e200cc6cedbbb9d52c3504d678 Loading...

	1win-cdn.com/js/31310.c605a9b9f.js	528 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/31310.c605a9b9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen455 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	1win-cdn.com/js/57552.ee60d28a1.js	75 kB	2024-04-24	2024-05-20
Pretty URL 1win-cdn.com/js/57552.ee60d28a1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-20 07:56:51 Times Seen128 Hash 3640868f35b73089eee8ce1f80955ad1 80e813108a8b082c210e8139451264d1e45bf4be a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff Loading...

	1win-cdn.com/js/icons-pack-home.d21abec30.js	19 kB	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/icons-pack-home.d21abec30.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:51 Times Seen528 Hash 325c4a59d9bc91d434baa4a7563c38b4 070a43d12a678b20daf2851076340bf4b595d5ff da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf Loading...

	unknown	347 B	2023-06-26	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-16 16:24:11 Times Seen904 Hash 150b71f7dde92027aee8fc8db2fcd0b3 faf9f0f6c34b25828fd97f37fa6b88152e55580d e9f6609639ac5f436c82395dfd4f3b3050e9140ad66b83ab152c5c829234406b Loading...

	unknown	351 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 003a98f80ebb1ce49eec0dc541b1f6cc b2e5d2f6337980e0706fd4f3b5934312ebb1126d 49340d31db7e883167a7e4feb1636ee431aca49bd18316d9842b82b43776a454 Loading...

	1wwyv.top/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-20
Pretty URL 1wwyv.top/firebase/8.1.1/firebase-messaging.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-20 07:56:50 Times Seen2216 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	1wwyv.top/	270 B	2024-03-30	2024-05-20
Pretty URL 1wwyv.top/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:19 Last Seen2024-05-20 07:56:50 Times Seen132 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	1win-cdn.com/js/chunk-vendors.84f8d8042.js	244 kB	2024-04-26	2024-05-20
Pretty URL 1win-cdn.com/js/chunk-vendors.84f8d8042.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 04:23:34 Last Seen2024-05-20 07:56:51 Times Seen147 Hash bf6401b0dfe9edb44c1316084aec2571 f8be08eb40e34c5fc52836f090309c15946a5246 d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47 Loading...

	1win-cdn.com/js/index.65b27e7dc.js	201 kB	2024-05-09	2024-05-10
Pretty URL 1win-cdn.com/js/index.65b27e7dc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 05:16:26 Last Seen2024-05-10 09:38:17 Times Seen13 Hash 2c4bc49f117c3c0c36cda488a7e8ae59 63fd50e4f5f60c5695a7ef70496370b0d5283b7f c1037e0c7f805131db5a2057c9bb85749722f1f5143bd23d9061387ad3f67e90 Loading...

	1win-cdn.com/js/48357.2f661a8c9.js	9.6 kB	2024-04-26	2024-05-20
Pretty URL 1win-cdn.com/js/48357.2f661a8c9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-20 07:56:49 Times Seen70 Hash 6427c264e7bcd06afdffbb01534234c3 fc59a1bdce2fb3714732cdaa9ade074fc83e6136 2ce78d8f281221794ac114e49290c0b3e24a5d9cfb18b96f0f47c105747147bd Loading...

	1win-cdn.com/js/54591.6225c61c0.js	8.4 kB	2024-04-24	2024-05-14
Pretty URL 1win-cdn.com/js/54591.6225c61c0.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-14 20:25:15 Times Seen63 Hash cd9b599cb5d9c7f7fa861c205c7659f5 ed2725067adaac8ab0ddffd9693e58e62f4155dd 935727da6ceae568c8cb49e0512bc748bb872607fded637adc8b5f78f66df35e Loading...

	1win-cdn.com/js/91635.a2db5f817.js	748 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/91635.a2db5f817.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:50 Times Seen447 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	1win-cdn.com/js/90511.4bc374431.js	637 B	2023-12-01	2024-05-20
Pretty URL 1win-cdn.com/js/90511.4bc374431.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-20 07:56:49 Times Seen451 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	unknown	562 B	2023-10-13	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 04:25:37 Last Seen2024-05-20 07:56:49 Times Seen651 Hash e35abe00e44b33a732fe04616d6d661a 9031f203ada1d67c9757e77d999b4b7f14fa708b e4c05446119bc3a162949df6dbac62fb9dd051be503964869331860255ae16f0 Loading...

	1win-cdn.com/js/icons-pack-social.4455053b1.js	26 kB	2024-04-24	2024-05-20
Pretty URL 1win-cdn.com/js/icons-pack-social.4455053b1.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-20 07:56:51 Times Seen122 Hash 1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-20
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-20 10:09:38 Times Seen826 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (130)

URL IP Response Size

1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

33 kB

URL
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwyv.top/
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-8128"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=IhPcts_UsoW9s4PROM5LsOYYty5SgCDz75hHqaaojlw-1715319883-1.0.1.1-_XPtbAB9yYMx3PQ8ZtcoasOXSVVjNcy2r8e3uuSt_FLSEYLdh23hWfA3s667LWihff_CRw9wGNLZxrNlvK0qmg; path=/; expires=Fri, 10-May-24 06:14:43 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e76ec515699-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

44 kB

URL
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwyv.top/
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-a9f8"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=_JoOVz2sRKJU70gkDygbD3nT7Lwn84bsqpunNuh8p7I-1715319883-1.0.1.1-0bZkYHWaPTriG1APIDn5LjHE.Jp_EdfxLSn5XL1joU2144odowF5H8BAoT5yg7mA2RkQ1QvbagMM5Zhci0cpzA; path=/; expires=Fri, 10-May-24 06:14:43 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e76ec555699-OSL
X-Firefox-Spdy: h2

1wwyv.top/img/icons/favicon-16x16-darkmode.png

190.115.24.78

344 B

URL
1wwyv.top/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:0
ASN
#59692 IQWeb FZ-LLC

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
344 B (344 bytes)
Hash
55101f46ace081073c98f0d75229ae94
384e813b0f35437de99eb269c7d5c76479e20886
e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f

HTTP Headers

GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wwyv.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __ddg1_=yXm4ovddBN4MVdPIeqnC; visit_domain=1wwyv.top; core-sticky=http://10.233.84.234:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:44:43 GMT
content-type: image/png
content-length: 344
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.b9c515d35.js

154.197.121.128

37 kB

URL
1win-cdn.com/js/desktop.b9c515d35.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
37 kB (37235 bytes)
Hash
7dec7ccde7ec417ca7df4b6254d0727c
2d8660062885716973d858ec65586b9a13d90767
0392b202c88884722c9cfce2eaabfa8743800abe3891305623a5b631b75591c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 149216
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e78eea5b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wwyv.top&EIO=4&transport=websocket

134.122.54.186

0 B

URL
1win.direct/v4/socket.io/?Language=en&xorigin=1wwyv.top&EIO=4&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wwyv.top&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wwyv.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lTCv/yM69iwDuVHqfY8cUw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: cXci+et8hA7unXDu6z+CD3fOaLc=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=af7f364825571c03; Path=/; HttpOnly
Upgrade: websocket

1win-cdn.com/img/present-with-light.bd57fb068-151.png

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Size
5.6 kB (5600 bytes)
Hash
a804ad67f4add53f8c251c2ebc80469d
4108aeab2f7a7c3720885edeb445e6131a383a49
06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-1a4c"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 1971
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d5af4b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/css/desktop.916d40f3f.css

154.197.121.128

133 kB

URL
1win-cdn.com/css/desktop.916d40f3f.css
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
133 kB (132963 bytes)
Hash
f05125b78abfb6c55e565631c1083f73
657b6673eebba5b220eace8e1c695a06300b9e99
e186c3c4ac0a3d59ba6f35cc359f39b097a8a74f1210f8a8b487b454e59a2c9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 149216
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e786e23b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wwyv.top/firebase/8.1.1/firebase-messaging.js

190.115.24.78

200 OK

11 kB

URL GET HTTP/2
1wwyv.top/firebase/8.1.1/firebase-messaging.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wwyv.top/
Certificate
IssuerLet's Encrypt
Subject1wwyv.top
Fingerprint69:C8:83:01:8B:FC:39:A6:47:D3:B6:C7:19:13:BE:A9:45:0F:A7:27
ValiditySun, 24 Mar 2024 12:44:52 GMT - Sat, 22 Jun 2024 12:44:51 GMT

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
11 kB (11386 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wwyv.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __ddg1_=yXm4ovddBN4MVdPIeqnC; visit_domain=1wwyv.top; core-sticky=http://10.233.84.234:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI5YmM3ZTU3Mi1mMzk2LTQ1ZmMtYWFlOC02Y2QyMDI4NzQzZjElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzE5ODgzOTEzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTMxOTg4Mzk1MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Size
20 kB (19467 bytes)
Hash
b924bd42443557a1ef9d41f043ddf175
a9db601e2941557cba7e3e688390aa43e8411e2e
8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-5414"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7e8c25b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

51 kB

URL
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
51 kB (51390 bytes)
Hash
3ebb01dfc0c798d850a82e177d032fb2
a36bac4281826561e912740eb779fd6c81a7b332
5a343df9a87e1a41ae77edd37f81dbcf1867a72fbaab49093c9fc5b222d72151

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1152
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7e2bc7b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/47729.aeb93cc08.css

154.197.121.128

62 kB

URL
1win-cdn.com/css/47729.aeb93cc08.css
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
62 kB (61754 bytes)
Hash
fdc92e6fcb5fc2699af3f6a2711e667a
1303bd2e7b9b0603fdd5cc51cb38f3e79a783ce7
4dc3cb2b8bba931642dc5759c773c25511c5396462d5f642b395d3e3dd787420

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/47729.aeb93cc08.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2199"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 810970
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7caa16b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62825.cf3a1caf6.js

154.197.121.128

5.7 kB

URL
1win-cdn.com/js/62825.cf3a1caf6.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
5.7 kB (5738 bytes)
Hash
1be0cc3037025011b79f8a8e29574891
50a4a4003cbe5ab0ddea34cdf9ec159d0bec4160
ba77efe1594148600743110dd39cd9316d15eceea0f6caa766033ac4092ae0d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811872
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7f3cdbb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp

154.197.121.128

354 kB

URL
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image
Size
354 kB (353842 bytes)
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/webp
content-length: 353842
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7ffd8bb523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/62692.9dadb7398.js

154.197.121.128

200 OK

30 kB

URL GET HTTP/2
1win-cdn.com/js/62692.9dadb7398.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
30 kB (30468 bytes)
Hash
645d451ca185e741f0ec67a427ad6523
e8a3ae16b1f22c66310cb70a9ddab869b704adee
d65315b10f0893daf0108c1f730b40be341110f7f755fc48edef408da1739f3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 824718
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d2abdb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png

154.197.121.128

27 kB

URL
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
27 kB (27297 bytes)
Hash
9a35699413d56978ea4af6896f0aa16c
c22d50770f376a17d5539919541496a1e1e5a626
396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-744a"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e800d91b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/41543.9ecf6875c.js

154.197.121.128

720 kB

URL
1win-cdn.com/js/41543.9ecf6875c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
720 kB (720093 bytes)
Hash
dbd81ebcc6765d657a7169127c1dfe35
489e014fae12d8f93e584496bd4fc3999b91c2a8
398eab7348e8236a611d8edfd97ba4bbc31a6e115abf9a4c0e1281b2d9faea29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 817221
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7efca5b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
16 kB (15901 bytes)
Hash
2018c59c5dccfaec96873d1ce9a60276
46ad94df758fdb9f0a257d99fcf52314cf5df926
b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-4375"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e803db3b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/91635.a2db5f817.js

154.197.121.128

20 kB

URL
1win-cdn.com/js/91635.a2db5f817.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
20 kB (20532 bytes)
Hash
f2006d14c4e9e2bc9cda8524591d0407
3716943850b1ee7c3cc412dd4634096396ae4528
351a29a2d9c4b7f0b8b44058fc6b2c1bb0df737128da7d0f9730f6e50eb9deda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816225
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d3ad6b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1279.7681fe15f.js

154.197.121.128

430 kB

URL
1win-cdn.com/js/1279.7681fe15f.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
430 kB (430273 bytes)
Hash
ae03646f6586e0e4b3c474784803bdd0
abc8c03ce1bbae73847719d99db5cc9915292e21
fdc0d908ee85e8e4eebcc91970f606f2635d990edfd598aec1bec2018d911dbf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 824718
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7f8d16b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/86359.48c462178.js

154.197.121.128

40 kB

URL
1win-cdn.com/js/86359.48c462178.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
40 kB (39812 bytes)
Hash
b1887aebc6df6cf6cfdc3beae37bd20b
6556527db3c6d6450eb02b1a7bc83cb2841634ef
c30e40522f629d1e4cef76cc26ed28793d287a1c33226b0a1cbcdfee620b1329

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811106
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d6afeb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/91217.fc8dbcaea.js

154.197.121.128

362 kB

URL
1win-cdn.com/js/91217.fc8dbcaea.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
362 kB (361464 bytes)
Hash
0085f49dcf25f5b24b847f3210453c26
0643ff1fbe499692a5b5dce08a5f12d21dd7dee3
22cf8c096bd460a7c70eeb32bbcdbfe66e5471404f4af64f3f32c4d2767ab526

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811106
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d2aa1b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12264 bytes)
Hash
45df6c11399190f031e9db37f9f4e785
a8a641e38f707a584b72a5ad5c010e7bbcd7920c
121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/webp
content-length: 12264
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e80de81b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
35 kB (34925 bytes)
Hash
232d05b165c6b0fc9695db490aa71f47
f04ccc74ebd190747114ceeb882d51db8e9268c6
9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-989a"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e80de88b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

33 kB

URL
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-9305"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e80de82b523-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif

188.114.96.1

6.5 kB

URL
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.5 kB (6537 bytes)
Hash
6eb918cc26ed4d4b3f96d5b031ebdd69
aca2ee56704a569aa16df44cd5420c8bfb31c6f1
3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2EyOWUyLWNjOTki"
x-request-id: Rvzg_t1LM6_b7wss0rpv6
cf-cache-status: HIT
age: 220864
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FelXwzp3WZp0NsTuQ6WS9QEVeXh8v3F1WLEdn6APOyF0IYPG2O6k7mKKLuJZb3jHUvyjrBr1f3efyP%2FNuoeK3W4zRCDCaDvmyCyUKtlCCwHH6I%2FQXM%2B1N2w9e9hjUWXbmo6jwEgi%2FN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82aa0c0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif

188.114.96.1

5.3 kB

URL
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
5.3 kB (5298 bytes)
Hash
2644fa31ed595bed0cb922c0c7539272
de9318bf140b0f2ea79f367170734ff434917747
8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2E3M2ZkLWMyMGQi"
x-request-id: v5wdVxYsdwRtTcnLkfg-j
cf-cache-status: HIT
age: 206300
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWfGRnLQvfOOu3YJC2dWv8ZRncTaLHNbEsAtMCm3NpZKqVUqASb0OaChb%2FG2DXIcRlQOzp9jIqrU84NGt3JFk5bG1z5HmLk5Kl37sBrtm5inHllbL%2Fk76Bxs116F3gCOOOfICjHvAng%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82aa0f0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/betraja.5cf6f15c0-75.png

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/betraja.5cf6f15c0-75.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Size
1.1 kB (1054 bytes)
Hash
2840e342f235c6d7d76db654ff6a0edd
8f81dc2954a1e234394d7b284e02742730f25f37
2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-496"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 2383
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e830889b523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/37061.57ea53f4c.js

154.197.121.128

12 kB

URL
1win-cdn.com/js/37061.57ea53f4c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (11778 bytes)
Hash
b1eb703b68d0ed2c6509870856bb8894
aa6da8b7d611c6c77dce460816527832bb30a93a
60db69c56e2d4ff8542c7a180056d3014896bd4a698cb85434777e82b435519b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811872
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7c49b2b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wwyv.top/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

7.6 kB

URL GET HTTP/2
1wwyv.top/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wwyv.top/
Certificate
IssuerLet's Encrypt
Subject1wwyv.top
Fingerprint69:C8:83:01:8B:FC:39:A6:47:D3:B6:C7:19:13:BE:A9:45:0F:A7:27
ValiditySun, 24 Mar 2024 12:44:52 GMT - Sat, 22 Jun 2024 12:44:51 GMT

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
7.6 kB (7550 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wwyv.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __ddg1_=yXm4ovddBN4MVdPIeqnC; visit_domain=1wwyv.top; core-sticky=http://10.233.84.234:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI5YmM3ZTU3Mi1mMzk2LTQ1ZmMtYWFlOC02Y2QyMDI4NzQzZjElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzE5ODgzOTEzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTMxOTg4Mzk1MyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png

154.197.121.128

8.1 kB

URL
1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Size
8.1 kB (8067 bytes)
Hash
953b3b7e0c94ed3c3af678f19b076c5a
993c897eadbd5f11f4fa712cda067ea633c8e68f
d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-2421"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 2383
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e83088fb523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg

154.197.121.128

1.0 kB

URL
1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
1.0 kB (1021 bytes)
Hash
e683313ec1c0d2afa591b82360a1bb3b
09e654509ef88a835d597e182dde50fad26de92b
a716e6bdb33cd8aa83d334ccf953e5900feaa8b64ee07916e332a7969e68cbe4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e830892b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp

154.197.121.128

25 kB

URL
1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25292 bytes)
Hash
1f85b44a5305e8928fcae8922301d92a
7ecc0724a7560af7c4debc83014bab875eba685b
660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/webp
content-length: 25292
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e84296db523-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
92 kB (92207 bytes)
Hash
948ff24e5a85379d9d34e29e415f98b2
f29b5f738a3783fb67985584089343f1e77a1643
d0814cbd523b2ee1a109a1228e83801bb13a70d2d584b1b508117aecf64f6a49

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 05:44:45 GMT
expires: Fri, 10 May 2024 05:44:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92207
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.168

74 kB

URL
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
74 kB (74084 bytes)
Hash
09241348ecef7327722125c713977a10
1dbdeb3e0f3de054c3ddc8ef45092f81c3a90203
265ab0c2bb5e21407f28e83e99a27b5b56157b643cf6c3e35773c090595deb92

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 05:44:45 GMT
expires: Fri, 10 May 2024 05:44:45 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74084
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/fifa.604717ea7.svg

154.197.121.128

200 OK

91 kB

URL GET HTTP/2
1win-cdn.com/img/fifa.604717ea7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
91 kB (90819 bytes)
Hash
063036b132ca5f25a7204727070a9fc4
96a4e3f92235034197f248720ffb6fbdbc540962
a77d0c8f2d2e6078f98df5a6647b704dec0ca9ecbdec762d12b8bb247020d2c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e830884b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg

154.197.121.128

48 kB

URL
1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
48 kB (47764 bytes)
Hash
da4aba31ccfea3da454207430e00f0fd
bbccce0c92c6f7b11f24594508b312e187defee1
d4cf953580647889af71d84d696af60303d39da82ad057c1684a335055ba9f26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e830887b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/uefa.093dd4fef.svg

154.197.121.128

5.4 kB

URL
1win-cdn.com/img/uefa.093dd4fef.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
5.4 kB (5369 bytes)
Hash
f60335b8a156e43b8356f1046438b4cf
2792f046c995f5513423d7b7f522e97582a8defd
6221c6d5b1e87965bd27abb7c508605fadb9ac7d3a8c569205969b1068e377ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4864
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82f878b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wwyv.top/affiliate:link_visit?visit_domain=1wwyv.top&sub_ids=undefined

190.115.24.78

32 kB

URL
1wwyv.top/affiliate:link_visit?visit_domain=1wwyv.top&sub_ids=undefined
IP
190.115.24.78:0
ASN
#59692 IQWeb FZ-LLC

File type
gzip compressed data, from Unix
Size
32 kB (31747 bytes)
Hash
09e1caf33908fbbba0a9879678cda93d
0aff42aa9f9a99e800f02145ba47abb49a4bb81e
4d12443b0148904f100c09a7ac09b962dffc5c3a0f417cc49a20f37950be0307

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wwyv.top&sub_ids=undefined HTTP/1.1
Host: 1wwyv.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wwyv.top/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=yXm4ovddBN4MVdPIeqnC; visit_domain=1wwyv.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.234:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/js/index.65b27e7dc.js

154.197.121.128

200 OK

89 kB

URL GET HTTP/2
1win-cdn.com/js/index.65b27e7dc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
89 kB (88574 bytes)
Hash
986a0ca25ed9ebc428549f70e9c02dc0
bd44a41871388f0bfb1c9c0e99e182536992a764
99515018620bf35e1b3ce04c1ed98b03697bf5a6447bcaef99e6cd7f2eb4b57c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.65b27e7dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3128e"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 112374
set-cookie: __cf_bm=G9DuqJ9Z1WYap2mjzMDy6jdz0hadEQWGIeeVGLik7vs-1715319883-1.0.1.1-VnIoZ76D5NcUDaDHImrzmXs78QA4MleukLIQpcqD6vYudzlx6NtyhKd.K2DtGBjEVYBuiwRmBhLQfZWsW._M_A; path=/; expires=Fri, 10-May-24 06:14:43 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e76ecadb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif

188.114.96.1

6.3 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.3 kB (6321 bytes)
Hash
049927e2f79d1b3f7c0db06be6378930
bc6a9c76a5027d6e63381bb7cf0ff70068d06792
8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 206300
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=geHGTjdh0QLl%2FU%2FQ3xEPuqcXZlA3ek%2FOJ3OIWE9if1rIokuWxm21gaLqufEnopzfmlXQBzJMIWEYi3N7jnX8W55k9sqiQAVa2cwGILfQdLXh%2F2acStWNKmcgfUTmZ1t4cIDaXT%2FNNcg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e854ba80afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/63502.d79807f7c.js

154.197.121.128

36 kB

URL
1win-cdn.com/js/63502.d79807f7c.js
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
36 kB (36140 bytes)
Hash
a0ff31ac484696eb537d3fb46060fa30
125069ecef12345e66052084090b77dab9b73d02
8dbc9e582be829983eaea7434e5184396414fb01f894f7a7c389d7f1bea82448

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334016
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e78ce8db523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif

188.114.96.1

200 OK

6.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.1 kB (6121 bytes)
Hash
172757f78e8e2026f280f94f4d032035
17cea3940511dbbbb5077e78e28ddadef3090931
f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 216652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFmY7CEUTJzTDXIbquqpK9cJn%2F6%2BoYaBSei6gyA8%2BpPztQErw9Jhc%2BAM%2Bc0W1XawOf8vrtLDRGZ2tn3DXXtQ65K9p9%2Bj00dM%2BnEw0EIc%2BtS4whyfHo7%2FNlKy6Xz3XpX2JNT8%2FN86u0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e856bb00afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/1win%20games.9b8574150.svg

154.197.121.128

6.4 kB

URL
1win-cdn.com/img/1win%20games.9b8574150.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
6.4 kB (6449 bytes)
Hash
eccf588d057b8acca83e3670ba769966
969fe45b5d048ea1f182965e7feb42bb909fe7ae
ec24d98a3e63b1865e8259bb8be65303cbc5bafc872c67de2c23e8adbfcf6a4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4559
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e851a1bb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1

154.197.121.128

7.0 kB

URL
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
7.0 kB (6994 bytes)
Hash
65cd748a6b8a089a8ceb0e3fdb597781
2f00f3f545f47f83e8cd75509f20ed95c172cdab
548d84cfd9cb632dbb2adf9cb3c039eecfa3e45198e741cab702ca703e8d3263

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Fri, 10 May 2024 05:44:45 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=yxVW3z_arhy7WtFXoNNxItSGu2JwYTg8HhtagwsEVYA-1715319885-1.0.1.1-4kdIJZ.S.sVDqpd5MwxoycN9V2fVrZJQIrbZSkmZeaByfHtmBNAcmzqwIf539.6FNkIxuVz9p8wTHPxPcLcU5Q; path=/; expires=Fri, 10-May-24 06:14:45 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 88179e81be5a5699-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/58988.a289e8e93.css

154.197.121.128

16 kB

URL
1win-cdn.com/css/58988.a289e8e93.css
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
16 kB (16264 bytes)
Hash
0c3a0e045e68cab8931b5a8528e96b57
fce0264f2dac81da11d1bba0d4e97fa1b7bb77dd
8c52fc3cb16ad0b43802a363d4a00eff2be3cbf40384cf1ee5fa696bb69028a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/58988.a289e8e93.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-af48"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 227351
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7c89fcb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-casino.fd47961dc.js

154.197.121.128

200 OK

26 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-casino.fd47961dc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
26 kB (25581 bytes)
Hash
051abd00fbc0b2ec10dd60f68803a4b4
cb53f74f857837009289e07b98262092731160d8
953070e7af073084a8a4a427e10b3da6569cfca3583446ccbe094a77ef245220

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Mon, 08 May 2034 05:44:45 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 821810
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e85aa97b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fazi.19d7f4b72.svg

154.197.121.128

10 kB

URL
1win-cdn.com/img/fazi.19d7f4b72.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
10 kB (10109 bytes)
Hash
09907e2b779e40d6cedbfff2779f9da5
055f9e05c7417754fcfaa5fe5352596d60547cd7
bd9e022e386323438f39957dd5b19a11ad7cc5c84e10edcd9cc532aa759bf689

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1931
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e880cb9b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/agt.893343a61.svg

154.197.121.128

200 OK

10 kB

URL GET HTTP/2
1win-cdn.com/img/agt.893343a61.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
10 kB (10353 bytes)
Hash
def330e37796415c7363f2e9a1904c65
a50c983cad0247817afad60a9384adca09702d69
3e060abb24b0a9380ed72a6a2846b636ca63d1c14891954765b59b9ec036e43e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3597
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e867b48b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/evoplay.cfa676ca9.svg

154.197.121.128

9.4 kB

URL
1win-cdn.com/img/evoplay.cfa676ca9.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
9.4 kB (9441 bytes)
Hash
600cc097ca8d75b3451a4f52e0cae911
4e0a138a08e62cb06c8926c2b1532baca33c115f
11b7175dec64fd2c958396baea511ca240386b2ffa4377e6fd76611613e1a2b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4560
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87ecacb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20live.cb6749a25.svg

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
1win-cdn.com/img/7mojos%20live.cb6749a25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
16 kB (16112 bytes)
Hash
a8f320f1982ae24175014ead332877b7
c5a1a81d520342646d3b5afe294edf8f231ae2df
0140460598f2eae6f796af8ba6bba3460a41b9b92cf938e9da050e9a927da83e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1933
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e865b32b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsoft.cc500155f.svg

154.197.121.128

32 kB

URL
1win-cdn.com/img/betsoft.cc500155f.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
32 kB (31672 bytes)
Hash
9fa531ced4d2b4d2e528f7fafc52932e
9c87ec45859ffb600fac01500f84cfcc5b612186
dccc716e9bef20354cd81f9918b71691e1b7bc3dab348e4732896370f9494239

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1931
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e871bddb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamomat.593230062.svg

154.197.121.128

10 kB

URL
1win-cdn.com/img/gamomat.593230062.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
10 kB (10228 bytes)
Hash
872a4aa7ca14e1f0c2937879649f058e
096e5a01063d60a9de2c3fcdbfdfdfca4f1bd91a
460fe7d8abc8b04ab2308b17e747f6d6e4fbc0c5a6b88cde21a03a33a7fe50f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e883cf4b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/genii.367222bbe.svg

154.197.121.128

15 kB

URL
1win-cdn.com/img/genii.367222bbe.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
15 kB (15297 bytes)
Hash
a72c100e26916a6103ecbf6a060a7dd8
f40ac656833751f8dc62d5c1bd5e97d278c55a68
8a1c8756cda1301f54dee94fdd3c0f2802f5ceda53c09ba8dfd1c975eee22786

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e883cf9b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/belatra.1e7508387.svg

154.197.121.128

12 kB

URL
1win-cdn.com/img/belatra.1e7508387.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
12 kB (11831 bytes)
Hash
efede68b44c7dd465049bf328f50cdfd
c925a90755d4892c3fad78b21a78edb6d040aa87
dade3addad24ee68893375f79608eedc28a4159d1f3474048e1945982354623f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1932
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e86fbbeb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/itf.9b1402c42.svg

154.197.121.128

8.7 kB

URL
1win-cdn.com/img/itf.9b1402c42.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
8.7 kB (8702 bytes)
Hash
987b42e28b538e1406eeeaa0ea84f9ae
8fd023bad75b321cef1f723b32d50d45d7f5aa11
d662b0fab4fff5a97ecf865de9d9df20ad721fa40e7c3a631da0806418ff9d98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82f883b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/barbara%20bang.790acb7dc.svg

154.197.121.128

21 kB

URL
1win-cdn.com/img/barbara%20bang.790acb7dc.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
21 kB (21309 bytes)
Hash
99c51887e4e8cd662d73c74b1a5ace4e
4c21cfe66e27c9cf05e2987ba1e8fa7ed9a178e8
2819bc001e65ba3ea8c01688604def0064e474e19f0264b2002b7c59f3acebff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e86fbb6b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/goldenrace.4bb50c89d.svg

154.197.121.128

11 kB

URL
1win-cdn.com/img/goldenrace.4bb50c89d.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
11 kB (11299 bytes)
Hash
19c25ac40d445a4f548bf1d0b04aa7e2
ce38ea9fa81658e9c15b57ce8fe01f2cce030497
b5051d4717cae271bc27739f7ba0a6d885511088a1ff54eb37014f91a5b91252

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e884cfab523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/elbet.701d0b0cd.svg

154.197.121.128

17 kB

URL
1win-cdn.com/img/elbet.701d0b0cd.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
17 kB (17354 bytes)
Hash
593fa13eac24f267fa58656053c72c41
ef55a51a0bf30605c258116daed339a51cc3ee1e
c6da0bdb40e2746ad8d697e4d38b107a09955ea110693ff0547b65e2e41ccb0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87dc85b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif

188.114.96.1

5.0 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
5.0 kB (5004 bytes)
Hash
3c7a3851260b12a9627faa9016f3ce1f
9df4442c906d9741c13ef21ed9eefb5f99d044c5
8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 220896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqXOxzcy24Cd7iGrxe9V5JwlXNmNi0hXqM6Ccz%2FmyaIV3ROq0ms%2Fu2RblVrdn0T25wf%2FvJRkkzq7WLMPB3dR7SoQmWehl7d1TCJAxjgRrBPUQ23vEYk%2F%2F8SC2UsZAHETgVc1%2FcLjXgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cd8ef0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif

188.114.96.1

200 OK

11 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
11 kB (10793 bytes)
Hash
69589818044ff973aa67c696e7e394fd
0f03ad92c7eb38789b111436be2e733faad871a4
11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 206301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKLrHVEFUqMZapCAnpCl88zh1DvX5MeKUonrquEo%2BFAoNOUgQbKpzMwRXlFRhnDhFi3plVkjkQy8MFosuKMh7w51GoZW%2FP1cZ4HwVE5KipvLYyImwgX4EjNlC7iE%2Fc1ElwTzh%2FTDp8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cd8ee0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/bombay%20live.ab678ab94.svg

154.197.121.128

200 OK

7.8 kB

URL GET HTTP/2
1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
7.8 kB (7763 bytes)
Hash
ac35b5ef1eb619e4ff99beea8062bf5a
b6e7d6cac66b6b00a10fbabb0b557252e680611e
d68982754153b1be5c3527df34982520cd8ceedb57ad3b53de06096308e90716

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1931
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e875c1ab523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif

188.114.96.1

5.0 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
5.0 kB (4967 bytes)
Hash
4ed163b7295ee97d380351dd868d4216
6987db5ad9f1b684e98e657aacb7dd38706e6a34
f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 217063
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aL%2BcfYnXm00DDzASivPv6Bjeywa50umMc0L8Ij7IgHUt3xDTO7AImlkSx0BltflWljGxXLxtdcwQEfZtp%2FYUoc161JKO4UtDafo8YyGU1pcB9AlnPMhcoaZPvyZH3940z6ZRo6AcQG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cd8f50afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif

188.114.96.1

4.7 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
4.7 kB (4683 bytes)
Hash
4e85a0bde3faf39a0eb79d1afbf94a3c
bfda6edfa14599e73e5a8096ae707b7355fb9d2f
fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
x-request-id: SDhj3o6iI09jSaV1xC7zB
cf-cache-status: HIT
age: 212197
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B0gQPSY5Jh88GiE%2FKBdSZ9%2FY7jPtGYqbNZjp720lYDEs5XIoPc0Zm9IN3s4gcs%2BKBi5fkxE2NlhHku9zlyCRP6ImBBra6OXA5mIZ6PHbeZDQEC5sJyWo5Y%2B7P5B3jVugUvHLMXeJGDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cd8f60afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif

188.114.96.1

6.6 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
6.6 kB (6634 bytes)
Hash
e96a71a5fe56033b87ca3809fb4fab55
22b9068fece941bf32a6e67885ea41fd70233ac6
e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 220896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klkqGldxrvt02KtEknqlao%2B5UnZTWdOMQ4xJat2lo8JvMmuifrGsyoYW0KsjYj1UNetAVofe4Y7j1357r%2BmvI1Ie0slCP%2BYZHUn5HGSLEAbnYk6%2FOh7mOXmb9d7f%2BRjq2k%2FeXEBq6T0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cd8f90afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif

188.114.96.1

7.5 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
7.5 kB (7460 bytes)
Hash
91cb93c7b3bcfdaf5be22dd889c68647
20c0af4b44bfe11283e15f237fa8c762a10d4711
c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 206301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTxMN23%2FhdQHheXxFiH2dx%2BzilqHEBvCKUnEui2dg3yNfeD6EJEH2Yo4ZSUlS7SLbSN9mV4KiTRBRNzXCHH9wFLwSuct7RPVpur3iC4fc%2BMq5ZC4X%2FF1S%2FOeeiz4eiY4o2CX2HeQfjk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8ce8fc0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/atp.e87cf2801.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
1win-cdn.com/img/atp.e87cf2801.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
14 kB (14447 bytes)
Hash
e781224d6ccc3fd2567177707e4e743a
62f9cfe20ed91d4159ff9d15e7e0822abb7721b1
18a395dab32391f329d5c429345f3cc4d3e9991f28db24dc7bbcae38a8a1340d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 144
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82f881b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif

188.114.96.1

8.2 kB

URL
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ISO Media, AVIF Image
Size
8.2 kB (8197 bytes)
Hash
2bb5dde390003652a0eb9ebe2ec82506
a380f9976a7e050fb4d5d16645fb739f1c012635
8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
x-request-id: ejgpplgS_jgdEjE0wtm06
cf-cache-status: HIT
age: 206301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SpLwV0SZ4qfA00P1uBDxeqa6e6NDIrKHGYy6bNFj5hPUFzjIps7dVBXYXkUysQoSCe9ZGehhz7IDqQPYDb%2BNmbxuXVmED8uMtjwiv20WrU7VeuC6kOWsb2kDBUxa68vxy04Ohyw72Q8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8cf90b0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/spinomenal.e0cf93b3a.svg

154.197.121.128

11 kB

URL
1win-cdn.com/img/spinomenal.e0cf93b3a.svg
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
gzip compressed data, from Unix
Size
11 kB (10891 bytes)
Hash
3652a6b1cca87e1e19d37deac0e1747e
e8b91cce391333d4b07bed6d9b1d7d532672facd
5a922579fb5c1ab5628e07bb4631cfc7eeec128ce4388001669bdcf8bf48233b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4559
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e852a2db523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif

188.114.96.1

200 OK

6.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.4 kB (6364 bytes)
Hash
4e7067f0087797bc8a2752288c82d468
7a97f30b9cf7b7c0167847006aefcd3411e4c414
626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 212197
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a8d2u0QA3rwc5ba8Ogob5sD0k4fLD0YhR0RAnMy3pys8GC8w8rseWaEsnKoCpRCpjCtCR9%2FshWkQkPyAJ%2BUjCR5cQefv3yylamo39sJvvFfzcQD6wZDTUOpxFomXrzset9KLJdjm4tE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8d09120afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/boldplay.70a46bd71.svg

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/img/boldplay.70a46bd71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
11 kB (11282 bytes)
Hash
bf529fb5e3fdab082ee417643df07b1b
37f20b418b603b000baffe811256d460d4175fa5
5e8ebf29e57059eae4e4066c693e07290c0330cc6a5c22dc4ca7e30eb4a8b222

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1931
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e875c16b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1012396113.1715319887&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1419643700

142.250.74.163

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1012396113.1715319887&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1419643700
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1012396113.1715319887&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1419643700 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 05:44:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwyv.top%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4100

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwyv.top%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4100
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wwyv.top%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4100 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wwyv.top
date: Fri, 10 May 2024 05:44:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=10316

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=10316
IP
216.239.34.36:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=10316 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wwyv.top
date: Fri, 10 May 2024 05:44:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp

154.197.121.128

48 kB

URL
1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47816 bytes)
Hash
5495ba7e07dc7a05a6008b8585bca92b
f8dadc060dcf17862805f72d7815c9b9b119375e
570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:45:04 GMT
content-type: image/webp
content-length: 47816
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:45:04 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179ef83ecdb523-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/bonus.75b0226c8-1320.webp

154.197.121.128

48 kB

URL
1win-cdn.com/img/bonus.75b0226c8-1320.webp
IP
154.197.121.128:0
ASN
#328608 Africa-on-Cloud-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47824 bytes)
Hash
8c760c7064f0128ae142377fd17b2a06
edfcaffb6cd42075bfecedd2153fd44764d69df7
32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 05:45:04 GMT
content-type: image/webp
content-length: 47824
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:45:04 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179ef83ed0b523-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=26261

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=26261
IP
216.239.34.36:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715319884193&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1012396113.1715319887&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715319886&sct=1&seg=0&dl=https%3A%2F%2F1wwyv.top%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wwyv.top%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wwyv.top&tfd=26261 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wwyv.top
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wwyv.top
date: Fri, 10 May 2024 05:45:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/js/31310.c605a9b9f.js

154.197.121.128

200 OK

528 B

URL GET HTTP/2
1win-cdn.com/js/31310.c605a9b9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Size
528 B (528 bytes)
Hash
819ea0d23f76434d7cf7bdad5c0dc71f
06f5a3c6cd80db3f5850633d2f868f55e7e92447
3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 824718
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7dab49b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/elk.c0f58697d.svg

154.197.121.128

200 OK

983 B

URL GET HTTP/2
1win-cdn.com/img/elk.c0f58697d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
983 B (983 bytes)
Hash
58995520e7430cd69b54d08c244aacc1
3db7918420563842879038fd5b4ba2050458ddeb
5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1932
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87dc8ab523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/worldmatch.9f3d40aa7.svg

154.197.121.128

200 OK

522 B

URL GET HTTP/2
1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
522 B (522 bytes)
Hash
c3aab966ecda4dadceb7b556b4205478
e8e501768b244593d7e5a59b6a7cf77e3b0d4581
ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a7edeb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif

188.114.96.1

200 OK

7.7 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.7 kB (7665 bytes)
Hash
a301711d2f250aac2cf9a7b842d5639e
f64334b263231df3e7505d31d155e4277e8337db
c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 217063
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bM%2BejWngKau8Iyq79kgiwlaYSSEHMIihyVsWV2Taf3Ey1rqttMPx2aGFxjH%2BVuEm0jg9ZCSsPNWilKgLxIicAXXJ2GNuvfl%2FViSggON5a6D67vJOvea%2Fm38mBotgUdX7EpVmbmH3CQU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8b3fd90afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/8726.6a357273b.js

154.197.121.128

200 OK

664 B

URL GET HTTP/2
1win-cdn.com/js/8726.6a357273b.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators
Size
664 B (664 bytes)
Hash
2e216c1b879ec285c8c32567174c9af4
e1e1af06fe2299d4a230eb5467395ef6bf3354cc
2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 817528
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7eac4fb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ezugi.a9c66babd.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/ezugi.a9c66babd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1439 bytes)
Hash
329b99ccd51d8cd3e1a5c8a1b83a84eb
ad907259ddfcffb089829ad24a4411ff1cd4b1c0
96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87ecb0b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/nolimit%20city.5b7440267.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/nolimit%20city.5b7440267.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1683 bytes)
Hash
b922d7644363785eac0ec67b0a31e5b5
aeb685310c81a6bbde2c3dc8c6e4bfcf59c77336
f5949bda30ca6a410fa6db0e60789cad60c32183d2f52b4888ab292910bd45bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e88cd71b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/46719.c1d2eb9c5.js

154.197.121.128

200 OK

527 B

URL GET HTTP/2
1win-cdn.com/js/46719.c1d2eb9c5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Size
527 B (527 bytes)
Hash
8375a4110ec42498df870269f31e79db
d974e51c02dbdc175ffa8d4384b385ecce38e581
b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Mon, 08 May 2034 05:44:45 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 824718
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e85aa94b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/amusnet%20interactive.428b45c71.svg

154.197.121.128

200 OK

672 B

URL GET HTTP/2
1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
672 B (672 bytes)
Hash
dd800d25fd1fc6956949e43d9997d38d
d2e3ced7d4ad91488dc8dde871b6651a01153f4a
8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e86db98b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/8653.ed7806659.js

154.197.121.128

200 OK

952 B

URL GET HTTP/2
1win-cdn.com/js/8653.ed7806659.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (994), with no line terminators
Size
952 B (952 bytes)
Hash
1a63c0338e50d3b4dfe4a7cea9098d20
3915a35a401582840fc4139f2a94260a8cc21c12
5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816225
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7efca2b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bgaming.ae3573ff9.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
1win-cdn.com/img/bgaming.ae3573ff9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3997 bytes)
Hash
f2081caf12b5dad178e766a8bd906e19
5ffdd19030dd7868b979fa8c19243e62b70eabb8
ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4559
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e872bf1b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/endorphina.20b721ba6.svg

154.197.121.128

200 OK

7.1 kB

URL GET HTTP/2
1win-cdn.com/img/endorphina.20b721ba6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.1 kB (7113 bytes)
Hash
a89aae2f962bcb01ecb8e3ddd113b797
706e09d5fa8312ec4cd3c7ca606ad19edca158d9
3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1959
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87eca5b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playbro.9ed310f23.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/playbro.9ed310f23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4839 bytes)
Hash
221b773f0eb73aa28f7617e628f7fc2f
67e3b29f4a951351da5183dd7d6e083fbc991322
4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e893dc8b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/wazdan.1cf2cebcc.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (1981 bytes)
Hash
f19410782a9e906c5987a9ec3dec0a8e
9df4dc8c8b7defde41a5caea964099dd1c882245
728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a6ed6b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onetouch.b026a50c5.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/onetouch.b026a50c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2394 bytes)
Hash
f04cb7d15621db8eda5af2216a4f824f
a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec
de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e88dd7bb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/rubyplay.b4553f39e.svg

154.197.121.128

200 OK

7.6 kB

URL GET HTTP/2
1win-cdn.com/img/rubyplay.b4553f39e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.6 kB (7557 bytes)
Hash
3858ea5c6be5319073b0453eac475c1b
72be49666df66401b531cfe9658ae2b64f897b0b
fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1153
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e899e19b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderspin.2d11ae63d.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/thunderspin.2d11ae63d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2520 bytes)
Hash
604f41c295f537f07943cfe15d6f15f2
ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369
9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a0e8db523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif

188.114.96.1

200 OK

9.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.3 kB (9286 bytes)
Hash
0f8864e9375258e414b04c6732d13b3b
e5577d640e162a5d812d94c60bf9d8aa2ef0dd46
2f41e33d30919a1521364450bb1e867a1f7851f25f7ec18b0325fc51f123793e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 9286
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6dd9f4c-282a-4040-8fcc-256b4d959834.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NWY0Y2IzLTIzZDY3Ig"
x-request-id: ocH5-jbdxAxetP0OmPcPA
cf-cache-status: HIT
age: 206301
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X2eRO5ZLDzVlyhw3aHKzAW9qurIQ%2BMEjkBqiWAYw1DAuDUOlBrSm%2BLqATOMA2X5a5bk5iOT%2Bez7F0JdynPcQrcXMPs6hKjWdkQCJ3Zk0vi7ME21Y2mm%2BQziOHXw6i6ODqUAMuCrNSf8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8ce9090afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/28852.501b5fba6.js

154.197.121.128

200 OK

906 B

URL GET HTTP/2
1win-cdn.com/js/28852.501b5fba6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Size
906 B (906 bytes)
Hash
f97751384d582a6e650b35ebe9d32479
e545afff49a2a354c28392833508fd88ebaa4875
1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 817528
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d9b2eb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win-normal.34748aac6.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/1win-normal.34748aac6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4641 bytes)
Hash
6a657a7851fa92f791304f1cdb123e9a
ae2def67a366ffe67578bf82e3c47b4f1966e784
8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 143
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7dfb9cb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/fantasma.8f4e2392c.svg

154.197.121.128

200 OK

3.4 kB

URL GET HTTP/2
1win-cdn.com/img/fantasma.8f4e2392c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3380 bytes)
Hash
2b6e488681e5af743e430cce2f0c2187
5a3102291017d617e6346a59664b1ec7eece4423
f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1931
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e87fcb7b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onlyplay.1c7a3c455.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/onlyplay.1c7a3c455.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1709 bytes)
Hash
c3e69f9fed9cc0cf56f269a871ebf7b8
24c64655556df116228009b2d0e64950404e45a2
c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4560
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e88ed7db523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/skywind.9cd4f870b.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
1win-cdn.com/img/skywind.9cd4f870b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1507 bytes)
Hash
6133bd0ec680372c4b1478cca75bd999
852e07d884235f5b480657590f2cba1ce4d53d7f
6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4560
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e89ae31b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/18860.cc0fd1e0e.js

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
1win-cdn.com/js/18860.cc0fd1e0e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (27990), with no line terminators
Size
28 kB (27990 bytes)
Hash
4b143001b05330bb316fe6b48531dbb6
ffa1e8fc89a58cf47350481057028603fe7fff91
d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 320285
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e78ce89b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/yggdrasil.a6bc350dc.svg

154.197.121.128

200 OK

5.8 kB

URL GET HTTP/2
1win-cdn.com/img/yggdrasil.a6bc350dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.8 kB (5783 bytes)
Hash
1156d7b0c16ee989276ab38995b5e316
2efca22c943534eec487d1441efc9c1280c0ce62
05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a7ee0b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/48357.2f661a8c9.js

154.197.121.128

200 OK

9.6 kB

URL GET HTTP/2
1win-cdn.com/js/48357.2f661a8c9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (9833), with no line terminators
Size
9.6 kB (9582 bytes)
Hash
ac10e417d3205818d44f428fb5946e98
1e2586b11318351ff352b3155225e2e90617151f
56e1ca7bc3d7559714a27119b6076e3b06a69bc9848518bfac6fac0d55dae24a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48357.2f661a8c9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-256e"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334015
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7c79ecb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png

188.114.96.1

200 OK

50 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 362 x 429, 8-bit colormap, non-interlaced
Size
50 kB (49865 bytes)
Hash
b0b99e0a3f5f6fc44052e30eae903c63
822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a
e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2M2E3M2ZkLWMyMGQi"
x-request-id: 5homX3QX3km0rPlH6mr1e
cf-cache-status: HIT
age: 162086
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k44RdVJ0ebBpLB3m8ltefcb6Lki2SPcK8kfyL7PGNB7FkgGS9AhqwIbpF7lTkdv0wN3TeOdWt4lo6xcP02QcXJghXC%2BETJIvmTN%2F3WK%2BUpvQRqLPlTfkta5Z2%2BeDZ8Ho60%2Bly3uCUHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7ebf360afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/zillion.c0e3dd6f0.svg

154.197.121.128

200 OK

684 B

URL GET HTTP/2
1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
684 B (684 bytes)
Hash
d9e09ca4e933fc8dabb60c1335cb7cd6
37b3bb2ea200f88ae0f7c681547dfba6fcce1449
fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a8f04b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif

188.114.96.1

200 OK

5.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.1 kB (5097 bytes)
Hash
78c35d95a329313abe507e5fd846f7b7
31fb39c006cc6629f8e0c3041eb47bd3e07c4eec
0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 211407
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4jC%2F4stjT%2BS%2Bu76CwfwCLiTOYcmBFIzRnNdeqv2O75CBns6N1EMMJxZokM9%2BddKECtISLTnzGzGq3t6VbQd8a%2BmsUcPDurmnPyGCzK3E4GSvwUx6IU8lvJXaVaTqdpWAKzdmo%2FGon8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e858bc50afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/playson.2ff1c7d85.svg

154.197.121.128

200 OK

2.8 kB

URL GET HTTP/2
1win-cdn.com/img/playson.2ff1c7d85.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2789 bytes)
Hash
241ae7d1512148f38162202a1838bcf7
7937917d26b57052c052b0cce94f5d1697c8caa7
a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e894dc9b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/quickspin.d9067a98a.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/quickspin.d9067a98a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2388 bytes)
Hash
2981087d9047df84f1f173886d7f2353
27ee3db1546e61fb1042fe15065f39266f85bcc8
5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e896de9b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/red%20tiger.157f419e2.svg

154.197.121.128

200 OK

15 kB

URL GET HTTP/2
1win-cdn.com/img/red%20tiger.157f419e2.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
15 kB (14736 bytes)
Hash
f0a8d4ae6c95b6d6b2b0bbbaa62aad9d
9ea188283d324f5c87a802c14ec3386167e7e2a8
4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e896deab523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/retrogames.bb592a878.svg

154.197.121.128

200 OK

7.3 kB

URL GET HTTP/2
1win-cdn.com/img/retrogames.bb592a878.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.3 kB (7348 bytes)
Hash
58c68473b3dd3ae2f45e31560e366dbf
577748dead61e9aff6756db3bade90442cde170f
e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e898e0cb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spinmatic.f74cf69af.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/spinmatic.f74cf69af.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2157 bytes)
Hash
12c6733c47b71d93b36447dcb999d080
f6440015ef35215d9009b4f08340145df1f7d9e1
fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e89ee69b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/48430.9af74daeb.js

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/js/48430.9af74daeb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators
Size
1.2 kB (1174 bytes)
Hash
13ee598a8e47be5a3df2543dc3171f75
630992d944c63ecf139694eb2e3e5ac0047bd23d
602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816225
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7d6b09b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/jetx.64787fc5c.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/jetx.64787fc5c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13301 bytes)
Hash
0046061bb77d38094cc0f71b7371d406
1fd7894d0117251f1eeec1a343b85532d7864a05
bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1152
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7e2bc9b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js

154.197.121.128

200 OK

121 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
121 kB (121043 bytes)
Hash
3db61399d0d4c57b17b5a337d59e3f0e
9312e9b832f7c0cc755c7c8b867986babdac8628
876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 821854
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7f4ce7b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/upgaming.242b9e921.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/upgaming.242b9e921.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4764 bytes)
Hash
aeb4cc1caa82c4f55b3598ea0c7003fd
8c1eec585578ba1c3803b2d6b724d67cb8e3de25
236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1956
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a5ecab523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-common.1cc012ae5.js

154.197.121.128

200 OK

192 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-common.1cc012ae5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
192 kB (191566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.1cc012ae5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:43 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ec4e"
expires: Mon, 08 May 2034 05:44:43 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 112374
set-cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ; path=/; expires=Fri, 10-May-24 06:14:43 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e76fcb5b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/atmosfera.32402e33f.svg

154.197.121.128

200 OK

9.0 kB

URL GET HTTP/2
1win-cdn.com/img/atmosfera.32402e33f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (8973 bytes)
Hash
3ba4610ae40c2d70390afaa7cba36721
01eeff20113a096675d71c018a7f109c8e53da28
815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5964
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e86eba2b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/tvbet.fea6d0222.svg

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
1win-cdn.com/img/tvbet.fea6d0222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9418 bytes)
Hash
daf98e0c0d45cb1db158d09bd07e4959
2c28a0c557fb1cf89267d49d2d5ff2a958f896c9
e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4560
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a4ec6b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/hacksaw.5f0e80ecd.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/hacksaw.5f0e80ecd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
3371207f99abc98b9fb8ae8e13877c7c
82efe0611bab5262b245fbc98522a20bb2fc6529
ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e885d0fb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png

0.0.0.0

0 B

URL GET
1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/leap.f4cfad944.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/leap.f4cfad944.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2461 bytes)
Hash
9129fc106fce1317a16bb3acbd708de8
64dead6ad9646ce68218ae82cf9d369811d3b88d
993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e889d42b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fiba.4b405b699.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/fiba.4b405b699.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1230 bytes)
Hash
4aa9ad25fbbca388328ba8098758f0c7
82dc10c520383464da8039c4175e315c182ccf2e
c9a23ae008a3f9ef8714a6dfd1ddb0ee0c70c17fe3bb81bf54794c649ebebf29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:45 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 144
expires: Fri, 10 May 2024 09:44:45 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e82f87eb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pg%20soft.fdb9d6567.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/pg%20soft.fdb9d6567.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1440 bytes)
Hash
71eb5806fcdd473839d2654d03c3fd5e
76a63507f2c2a26ffc343182aaa5d3278197ab88
dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1353
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e890d98b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/smartsoft.d4a2c90f3.svg

154.197.121.128

200 OK

4.4 kB

URL GET HTTP/2
1win-cdn.com/img/smartsoft.d4a2c90f3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.4 kB (4399 bytes)
Hash
e363d734db0fb177f2d082d5ec933b2e
21840bbc0a0843627d204818be4abba494436a12
ba8913cfda5417b5d2d8015dd340def1fc7cec97a5c875ba14590a044a5daa53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1153
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e89be33b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif

188.114.96.1

200 OK

8.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.4 kB (8415 bytes)
Hash
19f229b84c704888d3b7a617d4ea0d5f
ead41a6984c57debbde1fdbe6820dcdd07634f99
2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 212757
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ChI1pC%2BTQVjivqYLiivOHaenjeLoc96YmWIYRPRfb%2FM0BTfNq%2Fp38Ou2R88kOGgKs%2FEy9kuUYLTUCKmUSDY5h6w86RqOZUJnA62es5kD7mrrdk23p3eFZVe0F1bNUOq9b1X5cn8f3s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8b6fea0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/33700.8f8589382.js

154.197.121.128

200 OK

992 B

URL GET HTTP/2
1win-cdn.com/js/33700.8f8589382.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Size
992 B (992 bytes)
Hash
7a56ca20c70147de869fb6f869c24757
8ba632a6c326ca6152d0c51a202527013eeb42f4
543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Mon, 08 May 2034 05:44:44 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 821414
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7dab46b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2222 bytes)
Hash
79e4258317717cae7d54221d403e28d4
85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a
0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:44 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1980
expires: Fri, 10 May 2024 09:44:44 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e7dab4bb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/relax.1a68769f8.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/relax.1a68769f8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1407 bytes)
Hash
d29d9c49a3e8be4842246e8b658651b1
71129bcf41f71edffe3fb4db0b4ff2faf37bd536
67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5965
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e897df8b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderkick.6962312e1.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/thunderkick.6962312e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wwyv.top/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
ee06089b308c5065a8e92a32b7b38686
2e83ac75ceb109c245525a733cfb3efc97cc42bd
24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wwyv.top/
Cookie: __cf_bm=sfIgyTNK6XK13R9GaPku5c1lBrStF98mV.fjDIhZpnQ-1715319883-1.0.1.1-ZRrs3QADkAtezbRR3AAizfS_W0jLLB4V_L9pY4O9fMJ2ZIT4p5rzB20vB0M.awEy8o7O0UEqqb5nKzr1fp_HwQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 05:44:46 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:44:46 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 88179e8a0e8cb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (79)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML