Report - winbr.xyz/MgagV

Report Overview

Submitted URL
winbr.xyz/MgagV
IP
54.170.157.24
ASN
#16509 AMAZON-02
Submitted
2024-05-10 22:48:02
Access
public
Website Title
1win
Final URL
1wuqas.life/free-money?trid=bai2459008
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
186

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
winbr.xyz	unknown	unknown	No data	No data	1.4 kB	43 kB	54.170.157.24
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-09	460 B	26 kB	151.101.1.229
1win-cdn.com	unknown	2022-12-12	2022-12-12	2024-05-08	49 kB	9.2 MB	154.197.121.128
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	401 B	85 kB	142.250.74.132
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	472 B	205 kB	142.250.74.35
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	1.8 kB	638 kB	142.250.74.168
cdn3.wowza.com	424751	1998-01-12	2019-05-28	2024-03-07	2.4 kB	16 MB	151.101.65.33
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-09	1.9 kB	864 B	216.239.34.36
1wuqas.life	unknown	unknown	No data	No data	6.7 kB	595 kB	190.115.24.78
d16q5vvir3f28d.cloudfront.net	unknown	2008-04-25	2024-01-17	2024-04-30	2.3 kB	551 kB	143.204.42.78
www.google.no	25607	2001-02-26	2016-04-05	2024-05-09	592 B	578 B	172.217.21.163
1win.direct	unknown	2022-08-16	2022-08-16	2024-04-30	605 B	235 B	134.122.54.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1wuqas.life	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed
2024-05-10	medium	1win-cdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (77)

	URL	Size	First Seen	Last Seen
	1win-cdn.com/js/31310.c605a9b9f.js	528 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/31310.c605a9b9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:21 Times Seen458 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	1win-cdn.com/js/6242.cf213b109.js	2.3 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/6242.cf213b109.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen4 Hash ab5af5889f54180d8ebce0d35334c861 8223584dd72d946998c9293c4cdef50a66df2a22 7a5e0b407560b64c53c35351351ba4136e2df970937ee688d64999227ce3601e Loading...

	1win-cdn.com/js/54591.6225c61c0.js	8.4 kB	2024-04-24	2024-05-14
Pretty URL 1win-cdn.com/js/54591.6225c61c0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-14 20:25:15 Times Seen63 Hash cd9b599cb5d9c7f7fa861c205c7659f5 ed2725067adaac8ab0ddffd9693e58e62f4155dd 935727da6ceae568c8cb49e0512bc748bb872607fded637adc8b5f78f66df35e Loading...

	unknown	347 B	2023-06-26	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-16 16:24:11 Times Seen904 Hash 150b71f7dde92027aee8fc8db2fcd0b3 faf9f0f6c34b25828fd97f37fa6b88152e55580d e9f6609639ac5f436c82395dfd4f3b3050e9140ad66b83ab152c5c829234406b Loading...

	1win-cdn.com/js/63502.d79807f7c.js	135 kB	2024-05-02	2024-05-14
Pretty URL 1win-cdn.com/js/63502.d79807f7c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:26:19 Last Seen2024-05-14 20:25:15 Times Seen95 Hash a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c Loading...

	1win-cdn.com/js/99795.722361bcb.js	341 B	2024-05-11	2024-05-11
Pretty URL 1win-cdn.com/js/99795.722361bcb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:13 Last Seen2024-05-11 00:48:13 Times Seen1 Hash 6735cc51f28dac8f4b3bb2df0123b267 a4cf041fad87b3c4c6713cd319917aec1988e3b1 f572d1d106935b615d8864095e8ed62bd61e4a6e9d47b6d930fa52624212d134 Loading...

	1win-cdn.com/js/28852.501b5fba6.js	906 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/28852.501b5fba6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen453 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	1win-cdn.com/js/57652.297e4ecc2.js	647 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/57652.297e4ecc2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen451 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	1win-cdn.com/js/8726.6a357273b.js	664 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/8726.6a357273b.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen434 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	1win-cdn.com/js/8653.ed7806659.js	952 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/8653.ed7806659.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen345 Hash 6cb37362c9f47f9da06554dee435ff92 e34a75d99c356fe77ecca00e4bf6ce46fbe51e6c 8c951bf88d9566dc954964f5498e4acc49f3080391c11c96500964f87ddf701d Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:11 Times Seen116 Hash 604b6a04bbd64c0897092ed7e30023bd 135732431cb91633a7fd90695a1ed085247b9564 02ddf8ff988206010b70dd08d64c44f99fbb459d3ae4cf60e41ded1cf1a995a0 Loading...

	unknown	421 B	2023-03-12	2024-05-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-23 03:41:20 Times Seen1496 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	1win-cdn.com/js/12445.07213f8fb.js	5.6 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/12445.07213f8fb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:57 Last Seen2024-05-11 00:48:13 Times Seen4 Hash 610298b1910a93f8007248a2340ca965 bc8d11d6377e6439fb7204d83871f37b7b91e9f0 5e79e5e85e846166df66b412db9223c520943c38f12cff2a9863dc3682470639 Loading...

	1wuqas.life/free-money?trid=bai2459008	398 kB	2024-05-09	2024-05-11
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-09 16:06:05 Last Seen2024-05-11 00:48:13 Times Seen15 Hash 5ce135d1fb50395a428a21dbebaee49c 29c8073a776474454d41b354a4d3fec3fe53ea5d ca9e79d2214654d3ecb5cfd410b65b8f4dc242dc9b46e33e143c00372adf04f1 Loading...

	1wuqas.life/free-money?trid=bai2459008	275 B	2024-05-10	2024-05-12
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 21:55:20 Last Seen2024-05-12 12:19:02 Times Seen8 Hash 53fe215ede32d4984a4e0600bb02ebc3 650e2fd50a809f28857d670774e8b303432f1f32 c9a7feffdafdd4abf1fe4a9ed9f4087ade0a9815e8d6a5393859bf446e7bc8fc Loading...

	1wuqas.life/free-money?trid=bai2459008	25 B	2023-07-19	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-23 03:41:20 Times Seen809 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1win-cdn.com/js/index.53e277048.js	201 kB	2024-05-10	2024-05-12
Pretty URL 1win-cdn.com/js/index.53e277048.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:55:21 Last Seen2024-05-12 12:19:03 Times Seen8 Hash ecd80190c22c9bed2462653e32bb7073 cd8265313bc7dca22d22d8d4e80d3c0384653c02 44354ca647dea0ee6c37df07b0dd3c7282a7c05159d6977eaae778f2b1a91b3b Loading...

	1win-cdn.com/js/1279.7681fe15f.js	911 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/1279.7681fe15f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen456 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	1win-cdn.com/js/83307.04566d3e7.js	694 B	2024-05-11	2024-05-11
Pretty URL 1win-cdn.com/js/83307.04566d3e7.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:13 Last Seen2024-05-11 00:48:13 Times Seen1 Hash 4c707d5852eb934a022167941fc9aa9b 280fca7bda4271bf1804c2f19be9db239511b95b 203af6cd56cad841d4497670c4570f203fbad03d09f9d3f1d4b0cff184f3155e Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	204 kB	2024-05-10	2024-05-11
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 23:13:47 Last Seen2024-05-11 00:48:15 Times Seen4 Hash 5c54b9e314ef2483c03df3f96a423e75 b825a4f63d3f81bceed045479d01c9a279fce09e 38e809a677daa0f911b51277783202b1dc828185eb55c5801c84fd2a60d1c2a7 Loading...

	1wuqas.life/free-money?trid=bai2459008	5.0 kB	2024-05-03	2024-05-22
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-22 00:30:08 Times Seen73 Hash bfbec13abf687324d384873ac418bc73 f6058c01634ffc9a756dba5352b5044daf1df6a7 5f1f26b2b510665b395d61f61237b2a5d562554a423aa9fe4075ddb021b448ed Loading...

	1win-cdn.com/js/94489.2c0cf52a2.js	1.8 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/94489.2c0cf52a2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen4 Hash d89300b9aeb03ef75ec9348acd9af8e5 4cc23a95452e29b57e767416428cddb72091e72c 6896e07b842a20a5af20d44568f396c6cca0ef82d060e98a8ff0bae00e7fffb9 Loading...

	unknown	351 B	2023-10-25	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 01:40:40 Last Seen2024-05-16 16:24:10 Times Seen127 Hash 50725e8bd51942770349d377e402887e 6fc749ca36fea5616e06fad9c3d730b40501ef97 480c402fbf1153a0a745e8cd392330a938c972ee0302364e3a252fd90c58f719 Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	266 kB	2024-05-10	2024-05-11
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:55:27 Last Seen2024-05-11 00:48:15 Times Seen4 Hash 009f52d8ea6dc9d109fe702b922cee70 13681066cbd5881ddfa26e6d6f9d651598d388e7 248a1d40b8c072cfa9cae94cd2451ace3ef8d6f9850f64617091bc814627216b Loading...

	1wuqas.life/core-js/3.33.3/minified.js	244 kB	2023-11-30	2024-05-23
Pretty URL 1wuqas.life/core-js/3.33.3/minified.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06:40 Last Seen2024-05-23 03:41:20 Times Seen417 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1wuqas.life/free-money?trid=bai2459008	87 B	2023-07-19	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-23 03:41:20 Times Seen813 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	260 kB	2024-05-10	2024-05-11
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:55:23 Last Seen2024-05-11 00:48:15 Times Seen8 Hash 4addf7cac1dccf7a96644794f5642266 4c12819683dab2b8bc472ec5250ddddba35e9a7b 51f0b5fd3090cfed8c481a65d6619b4b2e7b9867818f33230f5a6522b94cb94f Loading...

	1wuqas.life/free-money?trid=bai2459008	524 B	2023-10-13	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25:36 Last Seen2024-05-23 03:41:20 Times Seen657 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1win-cdn.com/js/chunk-common.1cc012ae5.js	192 kB	2024-05-09	2024-05-12
Pretty URL 1win-cdn.com/js/chunk-common.1cc012ae5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 05:16:25 Last Seen2024-05-12 12:19:03 Times Seen22 Hash b86572bd8c7a82bf388addaa1f5ee949 1d76ebb0bf015da6a366db97177e45c17dde3d8b 6d72e797e9fdad870d7831640a9b1847d2686a398eb07502afc3b2090b7ffef3 Loading...

	1win-cdn.com/js/21758.bc752219e.js	415 kB	2024-05-10	2024-05-12
Pretty URL 1win-cdn.com/js/21758.bc752219e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 21:55:21 Last Seen2024-05-12 12:19:03 Times Seen8 Hash a984631029ba7a5c039e74c668d56895 8f85bbc5c80ead6afb067a48b5ff2f2c5918308a f88bed68afd128c4b3f08dddd76a4cceffb5cd4d1292f8a648c7592783eb19b3 Loading...

	www.google.com/recaptcha/api.js	850 B	2024-05-08	2024-05-16
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 09:18:54 Last Seen2024-05-16 15:55:12 Times Seen1760 Hash cc9da74bc51547f7da14aea584e7bd4e cb70339c904703d3a88777889e63b867a04ab2d1 9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64 Loading...

	1win-cdn.com/js/93041.4c457236f.js	363 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/93041.4c457236f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen3 Hash 367fdb086a71dd103cf3561a36cf6cb8 687c3a8e2fe170de71a6efae41cd478903f70315 3aaaa3f4519d36ddf5f5653b4a2007cbbe2c395a0828971aee4ad3a9f876ca6a Loading...

	1win-cdn.com/js/chunk-vendors.84f8d8042.js	244 kB	2024-04-26	2024-05-20
Pretty URL 1win-cdn.com/js/chunk-vendors.84f8d8042.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 04:23:34 Last Seen2024-05-20 07:56:51 Times Seen147 Hash bf6401b0dfe9edb44c1316084aec2571 f8be08eb40e34c5fc52836f090309c15946a5246 d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47 Loading...

	1win-cdn.com/js/41543.9ecf6875c.js	695 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/41543.9ecf6875c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen351 Hash 48813f2325a439cb966c5096fc8a810a fb44ed9fb85edbd34701708c1fa10cfaa3f07bcd de64ce06fbb042ecead3cf7684326db4f0c50ac26ba91a99d3399f7de24f6ded Loading...

	1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js	121 kB	2024-04-13	2024-05-16
Pretty URL 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:19:49 Last Seen2024-05-16 16:24:12 Times Seen183 Hash 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026 Loading...

	1win-cdn.com/js/26026.7b6ae97fd.js	615 B	2023-12-02	2024-05-11
Pretty URL 1win-cdn.com/js/26026.7b6ae97fd.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 16:40:27 Last Seen2024-05-11 00:48:13 Times Seen4 Hash 0fa28e2d9498a360b85d5bef072cc7e1 da58f7c7994beb041142e490456e2614fcf3aec5 b70ac638c031d65b95fd18632b6514eb57c8fca0e542f88e6c5ae0a3dbde0861 Loading...

	1wuqas.life/free-money?trid=bai2459008	113 B	2024-05-10	2024-05-12
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 21:55:20 Last Seen2024-05-12 12:19:03 Times Seen8 Hash 78fbe7beedcd6b753805a3a7427e7f9c 34b199c3d7fd0ab65da1654273dd46cb556ab1db 7537c4f7f2701ddb0d6f0ecd706514c2b7769d18da4a254b13deb55cb40ca96c Loading...

	1win-cdn.com/js/745.e45080fd0.js	24 kB	2024-05-08	2024-05-16
Pretty URL 1win-cdn.com/js/745.e45080fd0.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-16 16:24:09 Times Seen36 Hash 35ecce18a88d19d86d2476cc0cb2cbc2 a150377fa230410a3ea30a4e45fb8cdc419ff807 2acdfd21589d8e628e58753c311dccbaab4380b8fcbf903b67b2f8f7ffdc6369 Loading...

	1wuqas.life/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-23
Pretty URL 1wuqas.life/firebase/8.1.1/firebase-messaging.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-23 03:41:21 Times Seen2222 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	unknown	351 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen50 Hash 854bbeef4da4e7f355ea80cd06cbb31d 45545b24df55eea5636382d66a348963a537d0d4 c66f458f84b04a73b2c8df2238388d0241f720405d8347bb7c0286a9c6ad22e9 Loading...

	1win-cdn.com/js/43277.a3a50c6f3.js	1.5 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/43277.a3a50c6f3.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen3 Hash 589199ff02107252ebb3c58483d5947e 8f311381b08ad0a502e1c420bb22f17a0c7ddc8e 51bb2d1d8988148bbae2a40663fc947ff703cfc76b2b3381ee05052452e32fcd Loading...

	1win-cdn.com/js/18860.cc0fd1e0e.js	28 kB	2024-04-18	2024-05-23
Pretty URL 1win-cdn.com/js/18860.cc0fd1e0e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-23 03:41:21 Times Seen216 Hash 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e Loading...

	1win-cdn.com/js/57091.88e10d1f5.js	7.1 kB	2024-05-11	2024-05-11
Pretty URL 1win-cdn.com/js/57091.88e10d1f5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:13 Last Seen2024-05-11 00:48:13 Times Seen1 Hash 98461c116873f3908be98f967e2be8f1 7650318a26f726ae643d93695ce25083a85ff454 991ba3486c4b68f6a1c768afbc7379bf4e30dce9510ed8491d96e9f76504a622 Loading...

	1win-cdn.com/js/16633.019e17a29.js	1.1 kB	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/16633.019e17a29.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen3 Hash 510ecda17f3f5a37c54b83dc9b6902b9 b7f1d25c433e0fb349c66f11b5fa62249f96951b 7c59cf7c57c5f7d26539547b8672e809bcc552be71bbaa055fc3872cfe851b5d Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:10 Times Seen117 Hash b2cb4c2391077a9866f15278e2f22e28 b3c7c896176736a5c7964d09571b1d3db0a26a11 52ba3ec64c619c6ff3388e641a53b7e58ca9e9d92fab48f4da1128a3dba9de15 Loading...

	unknown	199 B	2024-05-08	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-16 16:24:10 Times Seen54 Hash d91a91e2c91fb9b3214b286dde6c2689 9cd4256b11ab7cb5ed893a7be05447a6711c6ceb 3499d3874e9e3c424d57e6cc448c7d42a37a6b3cb28699a6ef2c70a9caf27e0f Loading...

	1wuqas.life/free-money?trid=bai2459008	168 B	2023-12-28	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15:05 Last Seen2024-05-23 03:41:20 Times Seen323 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1wuqas.life/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-05-23
Pretty URL 1wuqas.life/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-23 03:41:21 Times Seen2215 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	unknown	187 B	2024-05-08	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-20 10:09:38 Times Seen65 Hash c62663da65566d7648acad86d0716e74 04d1b6a0920e85c0ccb506bc2041716e881bff25 0c8c5787dccbe2d8b1b5a935a773c631ec8785dbdde7e3c24fa3e130c234bfe9 Loading...

	1win-cdn.com/js/64581.55445f689.js	847 B	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/64581.55445f689.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen3 Hash 1993579e5130b9d48a90f2a91454565c 1a5d67071650acfa13f7796c114b3b63732fa40e 71e8625fa355ab8512862395c4a183858bf1f418a877543369f9a196866cb703 Loading...

	1wuqas.life/free-money?trid=bai2459008	4.2 kB	2024-03-30	2024-05-22
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-22 00:30:09 Times Seen137 Hash f03d5c5d4651c5185cf95e29770acbf4 d228cd1a34da6c7d7a6fc2c3b3691d3578bd92f4 5ba081585bdcc91f38ed16b0cbdbf9dbfb3aef0886a4afa935f0a08ddf467088 Loading...

	1wuqas.life/free-money?trid=bai2459008	4.9 kB	2024-01-25	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 13:18:38 Last Seen2024-05-23 03:41:20 Times Seen243 Hash e39e4e132bab588b54ac8c01ee1cb792 507d529821627dea59889e1d2557482357d13902 26314cf2ae26676e29acce35b798159216131c0d472c11651870d02526f9d210 Loading...

	1win-cdn.com/js/86359.48c462178.js	634 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-23 03:41:21 Times Seen443 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	1win-cdn.com/js/87327.3876b66fd.js	991 B	2023-12-24	2024-05-11
Pretty URL 1win-cdn.com/js/87327.3876b66fd.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-24 20:07:56 Last Seen2024-05-11 00:48:13 Times Seen3 Hash 220cfc879420d79274e4ff6bca992baa 7520f94ca9e5732de75a7e50f7fab69a7341ac50 29b90eba7837e6a470a3e4f32fe1c0cc3d15d5034d72fa3a575ff8ee83e08f12 Loading...

	1win-cdn.com/js/desktop.b9c515d35.js	136 kB	2024-05-08	2024-05-12
Pretty URL 1win-cdn.com/js/desktop.b9c515d35.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 16:32:30 Last Seen2024-05-12 12:19:03 Times Seen45 Hash d7a9ad8bd4dcb4009607dc52a7e3f3d9 3b3035ec2737cd847dc6b3805a0b192f387ffb7a 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3 Loading...

	1win-cdn.com/js/48430.9af74daeb.js	1.2 kB	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/48430.9af74daeb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen456 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	1win-cdn.com/js/90511.4bc374431.js	637 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/90511.4bc374431.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen454 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	1win-cdn.com/js/35967.a72ac7974.js	958 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/35967.a72ac7974.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-23 03:41:20 Times Seen339 Hash 9806bcc449ce96d93fe65bcffdc05c40 1a041edc174e43e94299ee18ebdb25b7b49b3036 56aec7b45747b8a8d71302ffa3af8d1f05dda5ae85e3dcc26905549c63c251a6 Loading...

	1win-cdn.com/js/58258.98332d90c.js	2.7 kB	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/58258.98332d90c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:21 Times Seen333 Hash 429e788491131cf7a26b1e1b4b80ee2e f03316b5749e994f600acf4730886b5be0d136f8 30993561b31b29a22b8b7e999f66952c341241534c5494303bcb8bc07b5ad3e3 Loading...

	1wuqas.life/free-money?trid=bai2459008	482 B	2024-03-30	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-23 03:41:20 Times Seen138 Hash bc24bbddaf09063aa5f8250aaa64f3d8 293f3dc4dff618fa2ce2cffd58b484ff36b79d63 464c0d2eb75f1905f967d1fc1a4809f063a3085f56f76d231234d78bb28d698f Loading...

	1win-cdn.com/js/91635.a2db5f817.js	748 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/91635.a2db5f817.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen450 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	1win-cdn.com/js/38209.ce0dbb534.js	1.3 kB	2024-02-20	2024-05-23
Pretty URL 1win-cdn.com/js/38209.ce0dbb534.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:49 Last Seen2024-05-23 03:41:20 Times Seen177 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	1win-cdn.com/js/62825.cf3a1caf6.js	736 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/62825.cf3a1caf6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:21 Times Seen354 Hash 28e8d81ce74785fd3e402ba70f30570e ac5e4809cee47c9ac0f08221da5ab8358986d564 a7928d556c13082bd24d471ea1824a8771b146b4010e05159c35dddc32927c18 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	379 kB	2024-05-11	2024-05-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:14 Last Seen2024-05-11 00:48:14 Times Seen1 Hash 3a1fd8dafe6428785b500e12b8c32002 9a4ccd9a7c539b444fc4571917c20028c4de9140 48f9b8ce29154415e4384d04f3bcdbf19c94d687e00c332b440a7d21a69bf241 Loading...

	unknown	320 B	2024-05-07	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 21:14:53 Last Seen2024-05-16 16:24:10 Times Seen51 Hash 4a3cee776b59bbcab837381d996ca47b 7117afc5c4f794658c2749d78bc3ec121b9cca02 ab0398c10ed50c9ddc450035ddbb1a62aef3bce3816ee9fdfec26ae40d949a14 Loading...

	www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js	514 kB	2024-05-08	2024-05-21
Pretty URL www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:24:03 Last Seen2024-05-21 18:55:57 Times Seen7138 Hash add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4 Loading...

	unknown	562 B	2023-10-13	2024-05-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 04:25:37 Last Seen2024-05-23 03:41:20 Times Seen654 Hash e35abe00e44b33a732fe04616d6d661a 9031f203ada1d67c9757e77d999b4b7f14fa708b e4c05446119bc3a162949df6dbac62fb9dd051be503964869331860255ae16f0 Loading...

	1win-cdn.com/js/86478.a0eb9f6d2.js	127 kB	2024-05-11	2024-05-11
Pretty URL 1win-cdn.com/js/86478.a0eb9f6d2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:14 Last Seen2024-05-11 00:48:14 Times Seen1 Hash 341de4b0d1969abf04b9ad58a7a4aafb c9d54ae9ba768c3d0e66ff827cba1bf4b1ca960e 89a23ba51f237fa4446d3c7c33cfd0852689fbefe67475142e07ffb39a09904b Loading...

	1win-cdn.com/js/91217.fc8dbcaea.js	828 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/91217.fc8dbcaea.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-23 03:41:20 Times Seen453 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	1win-cdn.com/js/62692.9dadb7398.js	847 B	2023-12-01	2024-05-23
Pretty URL 1win-cdn.com/js/62692.9dadb7398.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-23 03:41:20 Times Seen457 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	1wuqas.life/free-money?trid=bai2459008	270 B	2024-03-30	2024-05-23
Pretty URL 1wuqas.life/free-money?trid=bai2459008 IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:19 Last Seen2024-05-23 03:41:20 Times Seen135 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	1win-cdn.com/js/92592.83aecf04f.js	25 kB	2024-05-11	2024-05-11
Pretty URL 1win-cdn.com/js/92592.83aecf04f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-11 00:48:14 Last Seen2024-05-11 00:48:16 Times Seen2 Hash b3673cf530ac125607635c8ecdb4cc4e 33e3f1abfc43ae593645f12805758bbb4e937815 8ae56e575e7be7b4d38538dc287c5005fd8897d56ab3a2ae504a74bbd9652bd6 Loading...

	unknown	316 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 51e2b24c7620b63ffea046457fbc4af5 d9bcd9eb3b1a690e47f50fa5ba6383b3bc53b1a6 147b62c7a4294c2c35bc4030c5fd6ad0601b851f35879596b29e4215a3d63cc6 Loading...

	unknown	351 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 003a98f80ebb1ce49eec0dc541b1f6cc b2e5d2f6337980e0706fd4f3b5934312ebb1126d 49340d31db7e883167a7e4feb1636ee431aca49bd18316d9842b82b43776a454 Loading...

	unknown	409 B	2023-03-10	2024-05-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-23 03:41:20 Times Seen1496 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	unknown	456 B	2024-04-18	2024-05-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-23 03:41:20 Times Seen124 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-20
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-20 10:09:38 Times Seen826 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (117)

URL IP Response Size

winbr.xyz/css/styles.css

54.170.157.24

168 B

URL
winbr.xyz/css/styles.css
IP
54.170.157.24:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
168 B (168 bytes)
Hash
01813511ade112ed254985c362354a02
bf25a00c1f0078fe8e375a04adbde1c6842ddad7
19086bf5fd95c5c570d4aa133091bf4facd00d1deab49e7ba90f3aad922754f3

HTTP Headers

GET /css/styles.css HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/MgagV
Cookie: dhash=MgagV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:28 GMT
content-type: text/css
content-length: 168
last-modified: Wed, 21 Feb 2024 06:24:41 GMT
etag: "65d59729-a8"
accept-ranges: bytes
X-Firefox-Spdy: h2

winbr.xyz/MgagV

54.170.157.24

200 OK

31 kB

URL User Request GET HTTP/2
winbr.xyz/MgagV
IP
54.170.157.24:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectwinbr.xyz
Fingerprint29:D3:D7:00:4A:1F:C1:B3:81:63:83:45:C3:67:D6:99:15:D1:EB:AE
ValidityWed, 21 Feb 2024 05:30:28 GMT - Tue, 21 May 2024 05:30:27 GMT

File type
gzip compressed data, max speed, from Unix
Size
31 kB (31343 bytes)
Hash
3d55389dad4441f5e3623f4e7d218f88
82751a899722a2b08d3ec287c10a905e86eea646
6519d14e160c396de03787666e5348115ca16a7bf5379ad2ba973ac80faa6be9

HTTP Headers

GET /MgagV HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: dhash=MgagV; expires=Sat, 11-May-2024 22:47:28 GMT; Max-Age=86400; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js

151.101.1.229

25 kB

URL
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
25 kB (24684 bytes)
Hash
d2b0d31f74e62440ea1a557f126d0c64
5c8f6cb983397deb65673b961a8657cfd6113ad9
c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winbr.xyz
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:28 GMT
age: 22710484
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24684
X-Firefox-Spdy: h2

winbr.xyz/favicon.ico

54.170.157.24

10 kB

URL
winbr.xyz/favicon.ico
IP
54.170.157.24:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, max speed, from Unix
Size
10 kB (10535 bytes)
Hash
4867113ecb0d8543748f88dc30e5ac83
8b1b5f38fba888c646f91d8d12535d38db55493d
76951107b5b705f8f1cad939126dd0a03d1514cd33e3adf61e89fbbae58c8b1d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/MgagV
Cookie: dhash=MgagV
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: dhash=favicon.ico; expires=Sat, 11-May-2024 22:47:29 GMT; Max-Age=86400; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

1wuqas.life/img/logo/main/1win-normal.svg

190.115.24.78

200 OK

1.5 kB

URL GET HTTP/2
1wuqas.life/img/logo/main/1win-normal.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1474 bytes)
Hash
0a5e2aff3499f587617337c0add83e72
c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4
a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 21:40:36 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 4014
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-8128"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=QEd_E6swS8vScJ_9O3jG3B.zBqOK07AmmKBXlJvcOBA-1715381250-1.0.1.1-uT3sYjZtSK4NA2qWaBY9nnQk_4ps53hFso1VmJtrwBqe_JRF5GfuZB1hiu5fj.UY.uGIwBYhvyU99sYcbQ3HHg; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6fee0b41-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

200 OK

44 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-a9f8"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=YaeJHKUJGM.TO.medVWuUvcmtL.EHM5M00cN9anB0ZM-1715381250-1.0.1.1-rgt22wh6DAmDETIiUEI_5T5xNp61R6J66eOYJNN0V_VBN1gr_vRbpR7UG93Y6mne3ZAO5PzTNpBH15P5ZWGrog; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6ff20b41-OSL
X-Firefox-Spdy: h2

1wuqas.life/affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined

190.115.24.78

200 OK

394 B

URL GET HTTP/2
1wuqas.life/affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
gzip compressed data, from Unix
Size
394 B (394 bytes)
Hash
6343828acd97e18ffee68f5a7a85074e
b19a97a91fc4c6446ad1ac88c1da25c22db0f673
071bd2ea8f654dfbe84ec1e08076493cddf7f9e059c188c6915a87be6cc71a1a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/free-money?trid=bai2459008
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.5:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/css/index.fd224ee8e.css

154.197.121.128

200 OK

38 kB

URL GET HTTP/2
1win-cdn.com/css/index.fd224ee8e.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
38 kB (38476 bytes)
Hash
8bdf9e0cdabfe2b5ac03cce0d3baa330
c918edc96c4d12d011ca7bbccd64363ff0ca04cf
dc7d046153c3bd7d9345422834d8f9948f70dfefff98a9fdd062a5a4855735a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886485
set-cookie: __cf_bm=A7DIJUanNyZ4.EnI1My95nmMe3QIYemMUSiuPqG0da4-1715381250-1.0.1.1-D7BMwqXlxchvMC9.xRh4gr.rnG.N.A9oCcEGaW4nD1Tu_2mXe9C.GsBLEKMwJG9LE_T8ZucL1oHLeNGfEe2GbA; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b3b568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/index.53e277048.js

154.197.121.128

200 OK

120 kB

URL GET HTTP/2
1win-cdn.com/js/index.53e277048.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65460), with no line terminators
Size
120 kB (119536 bytes)
Hash
c22922852176092110ee6f09cf9b8a85
1d163d45cd812519d55cf00636d26485613bfa9e
e6f7fa9c9c211b8bbb57e2dcba8c60509ac669080b357cf8ff4fcdba249ae02e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.53e277048.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-312a0"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 18787
set-cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b38568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wuqas.life/free-money?trid=bai2459008

190.115.24.78

200 OK

169 kB

URL User Request GET HTTP/2
1wuqas.life/free-money?trid=bai2459008
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
gzip compressed data, from Unix
Size
169 kB (169031 bytes)
Hash
810f22a71ce799ef5940d4c6a3466570
457d6957d4cad81cad960037bd5dd7dedb330f2a
e9da6f752ff858c0b6273e761c96858b17172017339e5900c780eebf2c4c3115

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /free-money?trid=bai2459008 HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; Domain=.1wuqas.life; HttpOnly; Path=/; Expires=Sat, 10-May-2025 22:47:30 GMT
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/html; charset=utf-8
x-request-id: bqp8U7f7gkXJ810P
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wuqas.life
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

1wuqas.life/firebase/8.1.1/firebase-messaging.js

190.115.24.78

200 OK

11 kB

URL GET HTTP/2
1wuqas.life/firebase/8.1.1/firebase-messaging.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
11 kB (10915 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 20:05:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 96102
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/img/present-with-light.bd57fb068-151.png

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Size
5.6 kB (5600 bytes)
Hash
a804ad67f4add53f8c251c2ebc80469d
4108aeab2f7a7c3720885edeb445e6131a383a49
06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-1a4c"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 4521
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f14568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/99795.722361bcb.js

154.197.121.128

200 OK

725 B

URL GET HTTP/2
1win-cdn.com/js/99795.722361bcb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
725 B (725 bytes)
Hash
24afd49ec31cc2b7ad5c15927655cbe6
0d7962a6b5a798b1d7ea744add17c65b7a60c5f1
2f15a39e4ecbfefd570a38e8c44ea846940f8fe2e55bfb3ea2db0271e468d814

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/99795.722361bcb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-155"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210524
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b46e9a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/86478.fa9af76aa.css

154.197.121.128

200 OK

124 kB

URL GET HTTP/2
1win-cdn.com/css/86478.fa9af76aa.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
124 kB (123902 bytes)
Hash
0b000f49873721d4d113b98f0f7fe971
73922715eb044febdc772f1431d1f11f33203c07
1b87bc1ab65026035ab9633f41209c6551c4f74980a3e36c563d42dbc1a93add

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/86478.fa9af76aa.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f979"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210620
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b45e8d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/48430.9af74daeb.js

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/js/48430.9af74daeb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
12 kB (11617 bytes)
Hash
b2437aa0130703be68d42f826611d16b
3133ee878b5bf5c92df4275aef29e45915147b25
128811728d1e3a7de5489fe7905036053fb49a2f4552b188596c3329f59ccbf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b52f4e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/57652.297e4ecc2.js

154.197.121.128

200 OK

866 B

URL GET HTTP/2
1win-cdn.com/js/57652.297e4ecc2.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
866 B (866 bytes)
Hash
d0bc1af4bfcbe1df25bcfdcc8924594c
bc6352ec5a2cb6b9b5e33dd13b6c9309fe918d1e
e9aee5751834b8ae2aaa1df4862acdc2145b39f11ea5cbb8ec62645f992160a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b58fb5568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/8653.ed7806659.js

154.197.121.128

200 OK

5.9 kB

URL GET HTTP/2
1win-cdn.com/js/8653.ed7806659.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
5.9 kB (5885 bytes)
Hash
8bf081ba9c15bb0497b5beea1bf6405c
4ba0339b686247546bb1f8a7fbafcd86964d9c50
a588f88684050f34579eae06a00a7ea00912db9c07414d5a6fb004f988b819b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6783d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/38209.ce0dbb534.js

154.197.121.128

200 OK

111 kB

URL GET HTTP/2
1win-cdn.com/js/38209.ce0dbb534.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
111 kB (111318 bytes)
Hash
036a16165d789387a51bf694e4ba51a3
661464a72f036a0c41c6d16d4624f9a625166b81
5d02d4b5e12c380081d06464293758928524801847c6f9bc24655f0cdb25f64b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873239
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f0c568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

84 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
gzip compressed data
Size
84 kB (84224 bytes)
Hash
1546b02381e0da7f4e83ebd55157cd6a
30ecc2183045e9365110e2dc49c08132e5f5db12
6d8817a2c9acab71bdd1b6844306ed6c26c5e5b3c382ca2a1165f65f2f239569

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 10 May 2024 22:47:31 GMT
date: Fri, 10 May 2024 22:47:31 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/35967.a72ac7974.js

154.197.121.128

200 OK

47 kB

URL GET HTTP/2
1win-cdn.com/js/35967.a72ac7974.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
47 kB (47031 bytes)
Hash
4fabc773bd5b43574921ed5e29191d4d
1ed636feed98283d2780da44d746551f8f845cd4
fd4842208eabe33d796d77d64e7d763ecebeb2feab459aae2b5b034c87b9b744

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873238
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b66832568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/banknote.a4518ead2-730.png

154.197.121.128

200 OK

27 kB

URL GET HTTP/2
1win-cdn.com/img/banknote.a4518ead2-730.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 730 x 563, 8-bit colormap, non-interlaced
Size
27 kB (26935 bytes)
Hash
76fbdcec4c09109e1d69d3c62536309c
04d11b1a36d712226ea7a0b86e3648fb7f8358b9
6cb5eeab37036b741e61b1c0bcc239f31edd1b1ddff239b509303a7b657eec99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banknote.a4518ead2-730.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 26935
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29718
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-7416"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768e7568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/90511.4bc374431.js

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/js/90511.4bc374431.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
31 kB (30934 bytes)
Hash
e4c3a3b05b531229b74356b2d54ce43a
e90802b44dd33106a02d3a9799c064c087cccaf7
d1bd12b94844f2c2717dc8e8f5eb28ef43c83af6453efd4ece2abc82e9e39a0f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872816
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b5dfdc568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/dollars.854b6fa48-510.png

154.197.121.128

200 OK

43 kB

URL GET HTTP/2
1win-cdn.com/img/dollars.854b6fa48-510.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 510 x 728, 8-bit colormap, non-interlaced
Size
43 kB (42554 bytes)
Hash
ef35f99b2bda674b3f0a8ade51c9a4c0
5b92846272826c6127aa4864aed31ed98feb367c
b0cc2c4da10cee3d5eaf5e0f12e1fd8a02856ece5734f0c84ba4189da3b83da2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/dollars.854b6fa48-510.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 42554
cf-bgj: imgq:100,h2pri
cf-polished: origSize=45854
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-b31e"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768ef568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/backgroundPattern.00c37eb74-632.png

154.197.121.128

200 OK

18 kB

URL GET HTTP/2
1win-cdn.com/img/backgroundPattern.00c37eb74-632.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 632 x 708, 8-bit colormap, non-interlaced
Size
18 kB (17612 bytes)
Hash
76f040f4c090a0e0ecf8aa765228b56a
59a2adec9b3f9d572401953dfd69670ec3a97051
9c3f135e3548080272715b330bbeaf0576da3e70b8b8e364b2e864b642ba2387

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/backgroundPattern.00c37eb74-632.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 17612
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20623
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-508f"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78904568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/lucky-jet.f927485da.svg

154.197.121.128

200 OK

18 kB

URL GET HTTP/2
1win-cdn.com/img/lucky-jet.f927485da.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
18 kB (17549 bytes)
Hash
9121f362b63748e87bc7870b882d1c34
c55d70ca8c0b1ae7aed01bb440b0eed91b83e6d2
df114001f77fc459ff35b5cd5773b21a86f137fa9903e940135b1c1ef7762ecb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b56f99568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/54591.6225c61c0.js

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
1win-cdn.com/js/54591.6225c61c0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
16 kB (16076 bytes)
Hash
9ae32834666bcda7e010fe0fa52d57e8
4a57d88ff431a9374edad93a81bbe310f7099ec5
17769f97c01ef6edca39f481ba71e342555900934f51c396e70d426b00da0a2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/54591.6225c61c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-2100"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381646
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e83568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/coinCorner.3e76df0b9-132.png

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/coinCorner.3e76df0b9-132.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 132 x 166, 8-bit colormap, non-interlaced
Size
4.7 kB (4691 bytes)
Hash
83a227e0680c180b0372725344d0c422
c659edf7cfcb3d4a94387e874b60d04e4b4f6506
55b77f5da74aba29ad38bf655e25fff3e87e0cd76e59ace7d7c88642e6000e22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/coinCorner.3e76df0b9-132.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 4691
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5084
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-13dc"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7a922568b-OSL
X-Firefox-Spdy: h2

1wuqas.life/cdp/api-gateway/v1/unauthorized/track/visit

190.115.24.78

201 Created

138 kB

URL POST HTTP/2
1wuqas.life/cdp/api-gateway/v1/unauthorized/track/visit
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
gzip compressed data, from Unix
Size
138 kB (137695 bytes)
Hash
aa6ce22674e4b9de9845de22cdb6f559
6f04f35b3a292d90530ab45a41f6ca0388993950
b6bab5a2bb613c30e08914d300026beb65dc0704dcbdfcf7be50b3c394fcfd3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdp/api-gateway/v1/unauthorized/track/visit HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/free-money?trid=bai2459008
Content-Type: application/json
Content-Length: 56
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 201 Created
server: ddos-guard
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 0
access-control-allow-origin: https://1wuqas.life
access-control-allow-credentials: true
x-ratelimit-limit-trackip: 9999999999
x-ratelimit-remaining-trackip: 9999999992
x-ratelimit-reset-trackip: 42
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-envoy-upstream-service-time: 16
access-control-expose-headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
x-frame-options: SAMEORIGIN, ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-9305"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 5660
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7b92e568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/18860.cc0fd1e0e.js

154.197.121.128

200 OK

103 kB

URL GET HTTP/2
1win-cdn.com/js/18860.cc0fd1e0e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
103 kB (103310 bytes)
Hash
dabcf9957bbcfb03048f9a7752c03d81
473c88c1ee372b0ae69aa0f0340bf63a26e31da6
327028142f1bb90c2314e0531e744e29d5d73d9c4297d83b68d549d91f1b9641

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381652
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b13ca4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/desktop.916d40f3f.css

154.197.121.128

200 OK

158 kB

URL GET HTTP/2
1win-cdn.com/css/desktop.916d40f3f.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
158 kB (158399 bytes)
Hash
96884d06bfab2506e930de102ccc4aed
e303e0ea6b1cff6d6c5cf2fe9f251b7f3597087b
c084622f2b85b6806b598e7f8a55697eef10586a6175d3d3f090c23ce1e0c90e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b09bf6568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/voucher-desktop.c83e749d0-918.png

154.197.121.128

200 OK

42 kB

URL GET HTTP/2
1win-cdn.com/img/voucher-desktop.c83e749d0-918.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 918 x 735, 8-bit colormap, non-interlaced
Size
42 kB (42439 bytes)
Hash
08033a87668d4e7a135a39f99442b520
695f9fab27040e350992aa60989f6c5c2bf938b0
03ac9c5c63fc0c9471b47fb43216de53633b6c21a52c3216c34191af137aa02a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/voucher-desktop.c83e749d0-918.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 42439
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47491
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-b983"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c93e568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/coin.05d04a569-479.png

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/coin.05d04a569-479.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 479 x 479, 8-bit colormap, non-interlaced
Size
13 kB (13091 bytes)
Hash
533ebb18e2dbd41952bf57e39e78269d
dee5953003b158cd384cd773fbdc947a4b0a982f
043cbb9599223dc9f7358ea10bcc11a1af85c1015f6586314cb9aab75fbb484d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/coin.05d04a569-479.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 13091
cf-bgj: imgq:100,h2pri
cf-polished: origSize=14532
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-38c4"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c93d568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/62825.cf3a1caf6.js

154.197.121.128

200 OK

36 kB

URL GET HTTP/2
1win-cdn.com/js/62825.cf3a1caf6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
36 kB (36034 bytes)
Hash
a0b34388f66a7c22cfef1255c0bd3997
c4b19e7a87c7a4f8fed467ae97675e0f439a4ff3
f9fa39088ee64025b9ea66bd2e49ad57922f562f39d487dc91fee8dca3308c57

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873239
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6a862568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

142.250.74.35

200 OK

204 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (632)
Size
204 kB (204445 bytes)
Hash
add520996e437bff5d081315da187fbf
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

HTTP Headers

GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 369298
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/43277.a3a50c6f3.js

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/js/43277.a3a50c6f3.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
4.8 kB (4765 bytes)
Hash
db5b519fb240baf048b98ac501cab954
810902a9154ffd7b79a862f5cfc907f1e5f42f1f
27690b99886e817353fa7f5ccb65a7547f6f8d7ee2a2c54d834d104872d4df0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/43277.a3a50c6f3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-5c5"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da7f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-backgroundImage.png

143.204.42.78

200 OK

156 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-backgroundImage.png
IP
143.204.42.78:443
ASN
#16509 AMAZON-02

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1440 x 1196, 8-bit colormap, non-interlaced
Size
156 kB (156408 bytes)
Hash
ddfe74759c34bbd380f022175682668f
551b6d63d3bb0b10d2e1f018966b4546ab0cb856
7c8af2ec3a838bcab6e8ba841a37932d308757e624392a439c8b8d16c7cd86d4

HTTP Headers

GET /raffle-20240411/desktop-active-backgroundImage.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 156408
date: Fri, 10 May 2024 08:57:55 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "ddfe74759c34bbd380f022175682668f"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: hpclyY7HANQEzPcw1jbfOmIyPjeZezdMMFJNqtvhOGuys1NMTFhUsQ==
age: 49778
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-mainImage.png

143.204.42.78

200 OK

328 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-mainImage.png
IP
143.204.42.78:443
ASN
#16509 AMAZON-02

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1504 x 868, 8-bit colormap, non-interlaced
Size
328 kB (327707 bytes)
Hash
230e799496795a2d8c0f64d58cce5b7a
b1e8f9e61b141dcc0c43cd42e1e9285f4322ef7b
3c628cfdc5dd0b872fb139635840a812c9452cd2e68a33cba1af5b6ac71d52dc

HTTP Headers

GET /raffle-20240411/desktop-active-mainImage.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 327707
date: Fri, 10 May 2024 08:57:55 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "230e799496795a2d8c0f64d58cce5b7a"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: dEPpVVBA9moa-gVOyY0w5p5PAoOe32e4JSOP06_GXkLFWOpOs11AJQ==
age: 49778
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240510/timerTexts/desktop/en.png

143.204.42.78

200 OK

42 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240510/timerTexts/desktop/en.png
IP
143.204.42.78:443
ASN
#16509 AMAZON-02

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1440 x 194, 8-bit colormap, non-interlaced
Size
42 kB (42417 bytes)
Hash
72a3d5e9d49b4a0967fe6d036db26a4e
f4af2d244cddd22b4b918def0dc15f4c5130f167
f6fd142c8825894d1719885805c7e59553ed241031c261bbcc7252676abfa314

HTTP Headers

GET /raffle-20240510/timerTexts/desktop/en.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 42417
date: Fri, 10 May 2024 22:47:33 GMT
last-modified: Fri, 10 May 2024 12:56:11 GMT
etag: "72a3d5e9d49b4a0967fe6d036db26a4e"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: WrU9snC-6yIpR7SmAxSUyb_WGWuXjw8tmeT39UHeGWoXYUVHrGlgQA==
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
92 kB (92212 bytes)
Hash
009f52d8ea6dc9d109fe702b922cee70
13681066cbd5881ddfa26e6d6f9d651598d388e7
248a1d40b8c072cfa9cae94cd2451ace3ef8d6f9850f64617091bc814627216b

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.168

200 OK

74 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
74 kB (74062 bytes)
Hash
5c54b9e314ef2483c03df3f96a423e75
b825a4f63d3f81bceed045479d01c9a279fce09e
38e809a677daa0f911b51277783202b1dc828185eb55c5801c84fd2a60d1c2a7

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
90 kB (90352 bytes)
Hash
4addf7cac1dccf7a96644794f5642266
4c12819683dab2b8bc472ec5250ddddba35e9a7b
51f0b5fd3090cfed8c481a65d6619b4b2e7b9867818f33230f5a6522b94cb94f

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90352
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/coin.e3b6b94c0-237.png

154.197.121.128

200 OK

9.1 kB

URL GET HTTP/2
1win-cdn.com/img/coin.e3b6b94c0-237.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 237 x 210, 8-bit colormap, non-interlaced
Size
9.1 kB (9116 bytes)
Hash
9200a5a4c43a62e03cd3808f82c01322
519fad294ebd207bfabc45cb4ed04aeb94466535
c39270ae61e3d5847b0e86c2087440acffa70dca8d5f9e4dcd1796944e45eb78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/coin.e3b6b94c0-237.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/png
content-length: 9116
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10466
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-28e2"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 853
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c19568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/red-border.4f5195c5e-432.png

154.197.121.128

200 OK

5.1 kB

URL GET HTTP/2
1win-cdn.com/img/red-border.4f5195c5e-432.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 432 x 256, 8-bit colormap, non-interlaced
Size
5.1 kB (5086 bytes)
Hash
b6a7ff52628b712fcd4a4f7b1bf3a10e
ce149b100937670ef415bc66d2eff837ee12f297
9542b2421a8e61d7edb340d497941564754a17c4dc575f3118947a71f2eae97e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/red-border.4f5195c5e-432.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/png
content-length: 5086
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5930
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-172a"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 853
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1b568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/Rocketfont-latin.6b82a4379.woff2

154.197.121.128

200 OK

6.6 kB

URL GET HTTP/2
1win-cdn.com/font/Rocketfont-latin.6b82a4379.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 6556, version 1.0
Size
6.6 kB (6556 bytes)
Hash
cedd4030414323747e61b4fef382fb93
b1d6b4b9f47c7f2afac940dff4ae5c216ff2092b
84d94f5c4174d7f60d77dd1c8400f3c80d850d006fd75a2f8d152dfe5d373a83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/Rocketfont-latin.6b82a4379.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/octet-stream
content-length: 6556
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-199c"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=MPSXuPjuRk41pGFX.eV5ehi4vKlkkwQWEL6KgpVBR7g-1715381252-1.0.1.1-GSLWDonymksTZQJRPNYzJzkCk3U8qiUc_Mk_vCSKtMjoMA537lYdRFmRDMzSc2Kb5VC24YQr1E0ndvbpF4lDTQ; path=/; expires=Fri, 10-May-24 23:17:32 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4f360b41-OSL
X-Firefox-Spdy: h2

cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8

151.101.65.33

200 OK

144 B

URL GET HTTP/2
cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8
IP
151.101.65.33:443
ASN
#54113 FASTLY

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGlobalSign nv-sa
Subjectcdn3.wowza.com
Fingerprint88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16
ValidityWed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT

File type
M3U playlist, ASCII text
Size
144 B (144 bytes)
Hash
5bf5ca44a76580c2c36e059f0d668b03
166322c1bfd96328fc05993b0a10f69499acb329
ed236359045d86ab8eb15935041b896f8617a90a65dd7f90102329d5e0a2a22a

HTTP Headers

GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8 HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-md5: W/XKRKdlgMLDbgWfDWaLAw==
content-type: application/x-mpegURL
opc-request-id: fra-1:kGnk6Nnaq6EFqt-DrVLg3OOa6WGaNEom6mGY4QY2MbY5J5g-ucB-DL1HF6-on61_
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=5
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 5
x-served-by: cache-fra-eddf8230136-FRA, cache-hel1410026-HEL
x-cache: HIT, MISS
x-cache-hits: 18, 0
x-timer: S1715381253.754647,VS0,VE36
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 144
X-Firefox-Spdy: h2

1win-cdn.com/js/12445.07213f8fb.js

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/js/12445.07213f8fb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
2.2 kB (2234 bytes)
Hash
899bd7c93e74bd4c435e63fcdf0410b3
9bf264be87f239d3a21174d33f7f6f875f4c2ae1
020fd14e37bcb1fc641d5f350957a9c385c9b5277869ef233f47c1b0a8391fb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/12445.07213f8fb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-15dd"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878249
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704

172.217.21.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704
IP
172.217.21.163:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 22:47:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts

151.101.65.33

200 OK

5.5 MB

URL GET HTTP/2
cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts
IP
151.101.65.33:443
ASN
#54113 FASTLY

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGlobalSign nv-sa
Subjectcdn3.wowza.com
Fingerprint88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16
ValidityWed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT

File type
MPEG transport stream data
Size
5.5 MB (5492044 bytes)
Hash
3717baacddd6b52906e6c0440dbae9ac
084a1954462ad6cd6e32413902526fe5985386ce
026b091cb472c20d9a8e22aa0650217f1033591ee9172adc23527f9b44aff785

HTTP Headers

GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-md5: Nxe6rN3WtSkG5sBEDbrprA==
content-type: video/MP2T
opc-request-id: fra-1:UaT7KgmjH8GLBBquPQmiGDuAYHyqc4rdMxgXzKyjMGjqJEkIucULuPTK08ta0EN4
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 29
x-served-by: cache-fra-eddf8230092-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 15, 2
x-timer: S1715381253.918402,VS0,VE2
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5492044
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wuqas.life
date: Fri, 10 May 2024 22:47:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/play-bold-rounded.afd7a5344.svg

154.197.121.128

200 OK

5.3 MB

URL GET HTTP/2
1win-cdn.com/img/play-bold-rounded.afd7a5344.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
5.3 MB (5297555 bytes)
Hash
ddf1b6b5ea9ebad7f6d7c2a2a013e9d0
b0116e8f9861a27a8a4ee2ed7dbdb51399f5a3a6
e66e45d800daa17ec0d3236bec7b98229cf10b6b8d45e8e797be4f10c7b46b9a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/play-bold-rounded.afd7a5344.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:33 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1a2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6882
expires: Sat, 11 May 2024 02:47:33 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78c19fb2568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts

151.101.65.33

200 OK

5.3 MB

URL GET HTTP/2
cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts
IP
151.101.65.33:443
ASN
#54113 FASTLY

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGlobalSign nv-sa
Subjectcdn3.wowza.com
Fingerprint88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16
ValidityWed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT

File type
MPEG transport stream data
Size
5.3 MB (5305548 bytes)
Hash
95082e084e52f57037e3c989c2461f7d
5fa5896b3bca9f10cd76962f2896508b70e8a100
cb88876ddbaae90a693196e8ba15b5b872acf8bd8ab2301e77402d655f022380

HTTP Headers

GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-md5: lQguCE5S9XA348mJwkYffQ==
content-type: video/MP2T
opc-request-id: fra-1:vsBoJBGDhGNBwQ8CISODnCahKxyP4SDLK0mgi3A9IHd8--5SSp37v3Pjm0QPKyIM
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
age: 10
date: Fri, 10 May 2024 22:47:34 GMT
x-served-by: cache-fra-etou8220147-FRA, cache-hel1410026-HEL
x-cache: HIT, MISS
x-cache-hits: 33, 0
x-timer: S1715381254.173326,VS0,VE163
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5305548
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wuqas.life
date: Fri, 10 May 2024 22:47:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/speed-and-cash.dffacd6c5.svg

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/img/speed-and-cash.dffacd6c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
24 kB (23479 bytes)
Hash
3c62bcde419e822cfa55d45a05fa112d
77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38
feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57f9f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gift.e00021fcd-733.png

154.197.121.128

200 OK

57 kB

URL GET HTTP/2
1win-cdn.com/img/gift.e00021fcd-733.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 733 x 733, 8-bit colormap, non-interlaced
Size
57 kB (57353 bytes)
Hash
a3f93aac7449fb377796205057ada73c
2db1db06007c50f36efb8401ba9d3817df53ce36
03ff1463ed73dbf21608b14aa7fe498ddfb4284a71fd5aa36eb2d6641fa8a700

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gift.e00021fcd-733.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 57353
cf-bgj: imgq:100,h2pri
cf-polished: origSize=61878
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-f1b6"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758cf568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/64581.55445f689.js

154.197.121.128

200 OK

847 B

URL GET HTTP/2
1win-cdn.com/js/64581.55445f689.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (899), with no line terminators
Size
847 B (847 bytes)
Hash
8136c6ec98a787f93fc59e7f48620c1c
df9b86cab968429c1a2b9115fa0f173a03e2b6e4
d0d44d5d3b404eaedbd8f17209371d2adc0eb5d4c3919318a80b12b28608e1c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/64581.55445f689.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/8726.6a357273b.js

154.197.121.128

200 OK

664 B

URL GET HTTP/2
1win-cdn.com/js/8726.6a357273b.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators
Size
664 B (664 bytes)
Hash
2e216c1b879ec285c8c32567174c9af4
e1e1af06fe2299d4a230eb5467395ef6bf3354cc
2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6682d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/backgroundIcon1.38edc7251-282.png

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
1win-cdn.com/img/backgroundIcon1.38edc7251-282.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 282 x 375, 8-bit colormap, non-interlaced
Size
16 kB (15829 bytes)
Hash
5c970955cb4c618075557732ded02142
64db803ade273b29fad7824aa265f915a50daa09
9104baa30e74ab2ad6f9917e6acb8235e4e1bad87f34dad87ed1210474734e27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/backgroundIcon1.38edc7251-282.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 15829
cf-bgj: imgq:100,h2pri
cf-polished: origSize=19089
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-4a91"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78907568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/android.9ab2f3011.svg

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/android.9ab2f3011.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1063 bytes)
Hash
6c8e2b3d88518ea8679d2009cffc3f2c
82e074a0c448d7b0adbc8b03e950120b3cc92c64
037c23137aaf34b6b8f208da8e20932e6bad327209ef219f5043edadaf489227

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/android.9ab2f3011.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-427"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70898568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/phones.2d1888519-1286.png

154.197.121.128

200 OK

137 kB

URL GET HTTP/2
1win-cdn.com/img/phones.2d1888519-1286.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 1286 x 1046, 8-bit colormap, non-interlaced
Size
137 kB (136702 bytes)
Hash
7992ccb22f1542fb25f6737f77be9317
424086b1ee829a12a53d1daf021eba9519317537
6c5bc91d7e82c8684a308d6518c4f329849e39a499f5f0ef49f9d5cee546090d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/phones.2d1888519-1286.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 136702
cf-bgj: imgq:100,h2pri
cf-polished: origSize=152419
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-25363"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7a921568b-OSL
X-Firefox-Spdy: h2

1wuqas.life/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

20 kB

URL GET HTTP/2
1wuqas.life/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
20 kB (19949 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 20:05:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 96102
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/js/16633.019e17a29.js

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/js/16633.019e17a29.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1136), with no line terminators
Size
1.1 kB (1100 bytes)
Hash
670d33b699884be77ea10656635a89bb
1f0831c983ebaf1f715650aaca4ff3e5464bff1e
c9578dfefa7c7a2a6abf8db0b0fb163c7fdc78cc2e8da969f310002847f29804

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/16633.019e17a29.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-44c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188972
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bear.a11bc64c8-968.png

154.197.121.128

200 OK

110 kB

URL GET HTTP/2
1win-cdn.com/img/bear.a11bc64c8-968.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 968 x 1143, 8-bit colormap, non-interlaced
Size
110 kB (110022 bytes)
Hash
6af44a2e860e05535e4c378661a0cdb8
33df0b4f2e813dc6dd50709d09e6d2f496b36581
e7b703632b781af71f23c74340367111db0452cd666189bb843858c1325ad941

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bear.a11bc64c8-968.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 110022
cf-bgj: imgq:100,h2pri
cf-polished: origSize=127126
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-1f096"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758d3568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-common.1cc012ae5.js

154.197.121.128

200 OK

192 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-common.1cc012ae5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
192 kB (191566 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.1cc012ae5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ec4e"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 173741
set-cookie: __cf_bm=p2Uuq2y2UgR5xEKvxMRXoFGgqLpB7lmiwujDbtHx0Wg-1715381250-1.0.1.1-XBOmbkWuIuYBM4oro7GssEO6ce1BWq40ZfAiT0uXDvVzjSyGAHHRifcFnkjL9glBbwmvjN.uWKho0FRDy0_UwQ; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b37568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.168

200 OK

379 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
379 kB (378751 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:31 GMT
expires: Fri, 10 May 2024 22:47:31 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 110442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/92592.83aecf04f.js

154.197.121.128

200 OK

25 kB

URL GET HTTP/2
1win-cdn.com/js/92592.83aecf04f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (25102), with no line terminators
Size
25 kB (25102 bytes)
Hash
b3673cf530ac125607635c8ecdb4cc4e
33e3f1abfc43ae593645f12805758bbb4e937815
8ae56e575e7be7b4d38538dc287c5005fd8897d56ab3a2ae504a74bbd9652bd6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/92592.83aecf04f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-620e"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 217903
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ios.9fc5ab9b1.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/ios.9fc5ab9b1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1200 bytes)
Hash
6c099d7368ce3f0652dee56d15d6425f
6cc181a44b4b4e3a7b76ed652929c30f227826dd
5baffbd3e4ff499bd80919a54319527ba1655a9ab5de31ff37b4335be6bd858b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ios.9fc5ab9b1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-4b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3438
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70897568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png

143.204.42.78

200 OK

3.9 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP
143.204.42.78:443
ASN
#16509 AMAZON-02

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Size
3.9 kB (3884 bytes)
Hash
3219393f1efd01cf2db20820dff57cf2
ebdbcf916084a0d5a70680021d269680e9f41d41
8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06

HTTP Headers

GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Fri, 10 May 2024 03:33:37 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6aWHjYKU8c0oFznARpULogosOkFJ3Hcxm8c65ghLK9FlXKBtKo__WQ==
age: 69236
X-Firefox-Spdy: h2

1win-cdn.com/js/91217.fc8dbcaea.js

154.197.121.128

200 OK

828 B

URL GET HTTP/2
1win-cdn.com/js/91217.fc8dbcaea.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Size
828 B (828 bytes)
Hash
873b0a1f00b7e367ac6843a8b9e80deb
b9333e21da514f326abf81822702b8897c39fb48
647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872473
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ef01568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/86359.48c462178.js

154.197.121.128

200 OK

634 B

URL GET HTTP/2
1win-cdn.com/js/86359.48c462178.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators
Size
634 B (634 bytes)
Hash
33a83c5ac34b557d3037a52c8dead1fe
6bd3202d3720d8c86a84a63f1975b5d53d044ef9
7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872473
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f1a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/31310.c605a9b9f.js

154.197.121.128

200 OK

528 B

URL GET HTTP/2
1win-cdn.com/js/31310.c605a9b9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Size
528 B (528 bytes)
Hash
819ea0d23f76434d7cf7bdad5c0dc71f
06f5a3c6cd80db3f5850633d2f868f55e7e92447
3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f81568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket

134.122.54.186

101 Switching Protocols

0 B

URL GET HTTP/1.1
1win.direct/v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket
IP
134.122.54.186:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject*.1win.direct
Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27
ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wuqas.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Abcpq4qxqkO0uG97zMfUOQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: y40bwq7JJt41Gk66aKiHTf+6HbU=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=a89ed6e2ee589f2b; Path=/; HttpOnly
Upgrade: websocket

1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3066 bytes)
Hash
ced188fd368f5c8439ebd4398c9c9315
3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea
82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57fa2568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-vendors.84f8d8042.js

154.197.121.128

200 OK

244 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-vendors.84f8d8042.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (36138)
Size
244 kB (244530 bytes)
Hash
bf6401b0dfe9edb44c1316084aec2571
f8be08eb40e34c5fc52836f090309c15946a5246
d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873303
set-cookie: __cf_bm=_mDhubdc_tG4EEUxFEoalLeghBj.lkxMX6LvBehdVsE-1715381250-1.0.1.1-8hTsZziMi1wBOr18ONO.ch24zEDSAk7YmM7zlb8_mT6gyD6L_ALTDjhcXz3je6oQKHV_OyN3sS1ht1b__STSGg; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b3e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/28852.501b5fba6.js

154.197.121.128

200 OK

906 B

URL GET HTTP/2
1win-cdn.com/js/28852.501b5fba6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Size
906 B (906 bytes)
Hash
f97751384d582a6e650b35ebe9d32479
e545afff49a2a354c28392833508fd88ebaa4875
1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b53f5e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/94489.2c0cf52a2.js

154.197.121.128

200 OK

1.8 kB

URL GET HTTP/2
1win-cdn.com/js/94489.2c0cf52a2.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1795), with no line terminators
Size
1.8 kB (1751 bytes)
Hash
f2f8f684268ff94e448fc5a55e9eafd9
b991ecdde85ec3ed2c2397c4a1abbe9d4c9b1f84
45431897a45767410663bbe633f762af9ff1e7d720af5ef8b65cfb30f4e5b983

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/94489.2c0cf52a2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6d7"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872709
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js

154.197.121.128

200 OK

121 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
121 kB (121043 bytes)
Hash
3db61399d0d4c57b17b5a337d59e3f0e
9312e9b832f7c0cc755c7c8b867986babdac8628
876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 883221
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6b869568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/backgroundIcon2.30061cfe8-230.png

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/backgroundIcon2.30061cfe8-230.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 230 x 222, 8-bit colormap, non-interlaced
Size
12 kB (12408 bytes)
Hash
b8b7fa5d9ec4f40728fbeb90c8ac65f6
fb027610c5a60b8d548e9940335f26fd2940140a
4f5fe3198d660cb56094ad843685761391bf0f089c376791d83a0468359d4e7c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/backgroundIcon2.30061cfe8-230.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 12408
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15396
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-3c24"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78908568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/css/21758.dae54c10d.css

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/css/21758.dae54c10d.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (31262)
Size
31 kB (31263 bytes)
Hash
042184ca7fa3adf2a29c3de64253e215
321e3142ce096f24515bf9c5699fda45dcc5e76c
672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381652
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/21758.bc752219e.js

154.197.121.128

200 OK

415 kB

URL GET HTTP/2
1win-cdn.com/js/21758.bc752219e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
415 kB (415134 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/21758.bc752219e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-6559e"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 18787
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb5568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/texts/desktopActive/en.svg

143.204.42.78

200 OK

18 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/texts/desktopActive/en.svg
IP
143.204.42.78:443
ASN
#16509 AMAZON-02

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
18 kB (17537 bytes)
Hash
1be4fa214e66db9f8cea123bbfc71115
ea8177bc2d395d1010b215e349f307d09879bf23
43c8fb3a6ead3a6d3690a706329b111816714bd76b0506d34e372357d63fb475

HTTP Headers

GET /raffle-20240411/texts/desktopActive/en.svg HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
date: Fri, 10 May 2024 22:47:33 GMT
last-modified: Thu, 11 Apr 2024 12:20:47 GMT
etag: W/"1be4fa214e66db9f8cea123bbfc71115"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: fhXllP3uWB8DJQSliyZ7vzqMCGQMdyt-KCj1L12bhzCh75hzGDQiRg==
X-Firefox-Spdy: h2

1wuqas.life/core-js/3.33.3/minified.js

190.115.24.78

200 OK

244 kB

URL GET HTTP/2
1wuqas.life/core-js/3.33.3/minified.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type

Size
244 kB (244105 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 23:12:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 84881
ddg-cache-status: HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/js/57091.88e10d1f5.js

154.197.121.128

200 OK

7.1 kB

URL GET HTTP/2
1win-cdn.com/js/57091.88e10d1f5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7359), with no line terminators
Size
7.1 kB (7149 bytes)
Hash
ec7e9734bc84612116dbe2441eb8584d
f9e5e91dae53241bbbf847cd892f5a072cb0c4e0
87f294e48245adabe57a93fe9f5914fcf9773511f63738a70347a4139e72b8c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57091.88e10d1f5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:08:15 GMT
etag: W/"6627a4af-1bed"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872684
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e8b568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/91635.a2db5f817.js

154.197.121.128

200 OK

748 B

URL GET HTTP/2
1win-cdn.com/js/91635.a2db5f817.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Size
748 B (748 bytes)
Hash
74c5864ef446bbb00f9e7e1b39eff8f9
04696352def160b6c3536b2b11c4351f02f49780
348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ff07568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/6242.cf213b109.js

154.197.121.128

200 OK

2.3 kB

URL GET HTTP/2
1win-cdn.com/js/6242.cf213b109.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2323), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
3962bf34e5389a021694d0ff2d2e3141
8d15939c6126c792ce62ddae81e5b87c83d89438
ce5ed1c2a2826fd5fa51e6d0cc8b7cc5b3154c04364896d1cb55b9c78a2b0a8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/6242.cf213b109.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-8e5"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872709
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/logoIcon.567f29019.svg

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/logoIcon.567f29019.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1125 bytes)
Hash
85cddac6ca8cb55db6c29003c57761ed
a6ad84c5207bf62294f78964cef28ce09c19451c
d6ad98465a3adf55fade5b9c38b7a1e22b9ad1d8c5f2f358862cf0f4bf19fb25

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logoIcon.567f29019.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-465"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b62809568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-social.4455053b1.js

154.197.121.128

200 OK

26 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-social.4455053b1.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (25529), with no line terminators
Size
26 kB (25529 bytes)
Hash
1b14185591d9bcf20bd451f8e80432b5
b234f9245842f8270f24b137798dab716dca4f96
8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-social.4455053b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-63b9"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b63816568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/58258.98332d90c.js

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
1win-cdn.com/js/58258.98332d90c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2724), with no line terminators
Size
2.7 kB (2700 bytes)
Hash
8692e36ae40202509fcf29c9029676f1
7709e6929dc63ac467d0bd948268795fbec2181b
b1ec5aac00e643db59f10336f15e83163d7840bcb12bf70938dea4ab61993b26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b67835568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/83307.04566d3e7.js

154.197.121.128

200 OK

694 B

URL GET HTTP/2
1win-cdn.com/js/83307.04566d3e7.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (712), with no line terminators
Size
694 B (694 bytes)
Hash
dee02df5ad0f50d02de47be1c1ae7c4f
6a2c39edf87ca5e417091eed429564b4d1e2f01d
b88bf977ab822e552615f1fc21f70e43950cf7051cbbb58aa5024791d69ff2ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/83307.04566d3e7.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b6"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 882592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da7a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts

151.101.65.33

200 OK

5.3 MB

URL GET HTTP/2
cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts
IP
151.101.65.33:443
ASN
#54113 FASTLY

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGlobalSign nv-sa
Subjectcdn3.wowza.com
Fingerprint88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16
ValidityWed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT

File type

Size
5.3 MB (5297276 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-md5: nZIS85cYoQkDEVmIeyE8HA==
content-type: video/MP2T
opc-request-id: fra-1:zXQIsTvUkhwhS5ATAMVn-jZunvqlBGcRZLkqCOaxR0eisUlUernVPKO8WaaKppTs
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
age: 19
date: Fri, 10 May 2024 22:47:33 GMT
x-served-by: cache-fra-etou8220066-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 26, 0
x-timer: S1715381253.449888,VS0,VE1
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5297276
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.b9c515d35.js

154.197.121.128

200 OK

136 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.b9c515d35.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136401 bytes)
Hash
d7a9ad8bd4dcb4009607dc52a7e3f3d9
3b3035ec2737cd847dc6b3805a0b192f387ffb7a
67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb8568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/87327.3876b66fd.js

154.197.121.128

200 OK

991 B

URL GET HTTP/2
1win-cdn.com/js/87327.3876b66fd.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1025), with no line terminators
Size
991 B (991 bytes)
Hash
cbdd9a90edbce74290674a3cfdbd83ca
66745bda07d1b18360ca282be23b810e5d4573da
1a7db3ba235ed62d577b91b9b07731a4b9b7fb0cd83dfa4769096d315b1bdd82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/87327.3876b66fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3df"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 881945
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b62806568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/banknotes.2ad4fe9c6-718.png

154.197.121.128

200 OK

46 kB

URL GET HTTP/2
1win-cdn.com/img/banknotes.2ad4fe9c6-718.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 718 x 1149, 8-bit colormap, non-interlaced
Size
46 kB (46430 bytes)
Hash
8200d1ede3402aebdb5e1ce51421f02f
859ccb2e8fd70371019168456d64d6a3c482d5d0
8a82e5277b33156beb8fa2bef6eed00751b71da949f6f460c8592c9a7e4246ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/banknotes.2ad4fe9c6-718.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 46430
cf-bgj: imgq:100,h2pri
cf-polished: origSize=53660
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-d19c"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758db568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/bg.51f8fae5b-1019.png

154.197.121.128

200 OK

93 kB

URL GET HTTP/2
1win-cdn.com/img/bg.51f8fae5b-1019.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 1019 x 902, 8-bit colormap, non-interlaced
Size
93 kB (92976 bytes)
Hash
2c4bca355b672279cf42728554c692c3
98c59eae0531eadee281941b689c81e72a2ba465
9ad7b9fe9483f05c9670e1d2359ebe3582a603d002dd7b78a445a66d2014ce44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bg.51f8fae5b-1019.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 92976
cf-bgj: imgq:100,h2pri
cf-polished: origSize=104691
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-198f3"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c936568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.b9c515d35.js

154.197.121.128

200 OK

136 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.b9c515d35.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136401 bytes)
Hash
d7a9ad8bd4dcb4009607dc52a7e3f3d9
3b3035ec2737cd847dc6b3805a0b192f387ffb7a
67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b09bf4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/jetx.64787fc5c.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/jetx.64787fc5c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13301 bytes)
Hash
0046061bb77d38094cc0f71b7371d406
1fd7894d0117251f1eeec1a343b85532d7864a05
bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57fa4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spades.e5ee6f5c9-434.png

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
1win-cdn.com/img/spades.e5ee6f5c9-434.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 434 x 479, 8-bit colormap, non-interlaced
Size
28 kB (27598 bytes)
Hash
a6c83afbeb1dc48a1ccb822d478d67c9
3db96954b55d710fab07919fe34081edc24b340f
01e390e53141cdc64eb5b38f6025c87b51c0f0c9e6cf2d7114db44aadcf9cee6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spades.e5ee6f5c9-434.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 27598
cf-bgj: imgq:100,h2pri
cf-polished: origSize=30728
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-7808"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768e9568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/745.e45080fd0.js

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/js/745.e45080fd0.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
24 kB (24248 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/745.e45080fd0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5eb8"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e84568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/26026.7b6ae97fd.js

154.197.121.128

200 OK

615 B

URL GET HTTP/2
1win-cdn.com/js/26026.7b6ae97fd.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (659), with no line terminators
Size
615 B (615 bytes)
Hash
eb732444fb9bb481cece734606b49f84
60fde2c53954544b76b2ff7190b7ce39f6461da2
6657877966787cf7b283bb1b33a4c89e5f89a2c615d0e2893838c883fecd9d0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/26026.7b6ae97fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-267"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886413
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/86478.a0eb9f6d2.js

154.197.121.128

200 OK

127 kB

URL GET HTTP/2
1win-cdn.com/js/86478.a0eb9f6d2.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
127 kB (126996 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86478.a0eb9f6d2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1f014"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210620
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b45e92568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win-normal.34748aac6.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/1win-normal.34748aac6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4641 bytes)
Hash
6a657a7851fa92f791304f1cdb123e9a
ae2def67a366ffe67578bf82e3c47b4f1966e784
8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3088
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f8c568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1023 bytes)
Hash
923ec09a017c369d475682b8b60fe652
f2a4cf5f06644b65bb3df522652a41a2b09c2aa9
7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3933
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da74568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8

151.101.65.33

200 OK

540 B

URL GET HTTP/2
cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8
IP
151.101.65.33:443
ASN
#54113 FASTLY

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGlobalSign nv-sa
Subjectcdn3.wowza.com
Fingerprint88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16
ValidityWed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT

File type
M3U playlist, ASCII text, with very long lines (566), with no line terminators
Size
540 B (540 bytes)
Hash
314700d8f204aa38bd602deab86572d6
eed325a4dbd86aed75fac8f11b34539a5a9dcaa0
97a535f848ad89b65a2e379341ce711615e9b4c949dd98105879f89497813fa7

HTTP Headers

GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8 HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-md5: KNsAN0TpPwFahSTvIlmX2Q==
cache-control: public, max-age=5
content-type: application/x-mpegURL
opc-request-id: fra-1:YxqcFNYgYi6tm2YS7kckdyfFoZ2QdeNoUd0CnhFk-F2YRqc1sfOzF4ipw7qebFBW
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-playlist-duration,x-amz-meta-segment-duration,x-amz-meta-stale-chunklist-duration,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
segment-duration: 10.0
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 4
x-served-by: cache-fra-etou8220118-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 8, 3
x-timer: S1715381253.888040,VS0,VE0
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
x-wowza-chunklist-expires: Fri, 10 May 2024 22:49:00 GMT
content-length: 540
X-Firefox-Spdy: h2

1win-cdn.com/css/99795.ab3c19c88.css

154.197.121.128

200 OK

7.4 kB

URL GET HTTP/2
1win-cdn.com/css/99795.ab3c19c88.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (7367), with no line terminators
Size
7.4 kB (7364 bytes)
Hash
e30750b112c448b9fa78122f24daf8c6
b95178e31a33779d2cf34d95be0e290d621c1456
cdec8f3eafe7473e04e97288d7e260d77a4b58c1186ce50cc84f3a9a0522afc1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/99795.ab3c19c88.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-1cc4"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 49779
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b46e98568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png

154.197.121.128

200 OK

5.3 kB

URL GET HTTP/2
1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Size
5.3 kB (5274 bytes)
Hash
911fa68d94dd3f2bc8ceff2671e87bdd
9bca43449cf32e95c62291a802cad6e6c4493025
9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-18d2"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 856
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70892568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/63502.d79807f7c.js

154.197.121.128

200 OK

135 kB

URL GET HTTP/2
1win-cdn.com/js/63502.d79807f7c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
135 kB (135227 bytes)
Hash
a96e8f77207eb314deed6396463ffefa
2aa9286dba017fbcf9ff859e59b5a051cdfd73c7
227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 395383
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb0568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wuqas.life/img/icons/favicon-16x16-darkmode.png

190.115.24.78

200 OK

344 B

URL GET HTTP/2
1wuqas.life/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
344 B (344 bytes)
Hash
55101f46ace081073c98f0d75229ae94
384e813b0f35437de99eb269c7d5c76479e20886
e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 09:30:48 GMT
content-type: image/png
content-length: 344
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 47802
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1wuqas.life/common/title?path=free-money&lang=en

190.115.24.78

200 OK

29 B

URL GET HTTP/2
1wuqas.life/common/title?path=free-money&lang=en
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerLet's Encrypt
Subject1wuqas.life
Fingerprint01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B
ValidityTue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
55d138477f5d21b2864ed51b2aa3b446
f493c01dcf90c45f2334b9ca47839ce0a014222b
456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/title?path=free-money&lang=en HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/41543.9ecf6875c.js

154.197.121.128

200 OK

695 B

URL GET HTTP/2
1win-cdn.com/js/41543.9ecf6875c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators
Size
695 B (695 bytes)
Hash
3a416c7a8b544cab2961aa391df25f73
1760b78a71e89b19890fc1e1d457f20fc7931b8f
63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878588
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b68841568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62692.9dadb7398.js

154.197.121.128

200 OK

847 B

URL GET HTTP/2
1win-cdn.com/js/62692.9dadb7398.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (881), with no line terminators
Size
847 B (847 bytes)
Hash
2396c8bca3aec16d12512850881beeaa
f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1
dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ff04568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1279.7681fe15f.js

154.197.121.128

200 OK

911 B

URL GET HTTP/2
1win-cdn.com/js/1279.7681fe15f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Size
911 B (911 bytes)
Hash
3a0fd7772f5d3cd77c17b49876743f78
3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a
5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6e885568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
35 kB (34925 bytes)
Hash
232d05b165c6b0fc9695db490aa71f47
f04ccc74ebd190747114ceeb882d51db8e9268c6
9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-989a"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7b92f568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/machine.5215290ed-998.png

154.197.121.128

200 OK

135 kB

URL GET HTTP/2
1win-cdn.com/img/machine.5215290ed-998.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 998 x 798, 8-bit colormap, non-interlaced
Size
135 kB (134793 bytes)
Hash
366fd670c0d36b8c4ab6ec9b3e83f904
90d9a9c2e1b52f23bc26e5ec5eb479fb73307802
3c12f8783971edd4f7b48763e95d469c38b98c0fbf113e973f3baee3035e04b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/machine.5215290ed-998.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 134793
cf-bgj: imgq:100,h2pri
cf-polished: origSize=150340
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-24b44"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c937568b-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/93041.4c457236f.js

154.197.121.128

200 OK

363 kB

URL GET HTTP/2
1win-cdn.com/js/93041.4c457236f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
363 kB (362719 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/93041.4c457236f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-588df"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78ba1a98568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ticketFuture.fd0f9be56.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/ticketFuture.fd0f9be56.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4634 bytes)
Hash
ef8a0da0218d0c61af32b227d4d0ad2f
49dc927f49ea243939d11a18d33cdcc0534f0314
b8ce901726961a6f447ae3563656a281356472b569faac5fa86fc7bfa20c9925

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ticketFuture.fd0f9be56.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-121a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78ba0a92568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wuqas.life/free-money?trid=bai2459008
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2222 bytes)
Hash
79e4258317717cae7d54221d403e28d4
85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a
0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4520
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f83568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (77)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL