| winbr.xyz/css/styles.css | 54.170.157.24 | | 168 B |
IP: 54.170.157.24:0
Hash (MD5 / SHA-1 / SHA-256): 01813511ade112ed254985c362354a02 bf25a00c1f0078fe8e375a04adbde1c6842ddad7 19086bf5fd95c5c570d4aa133091bf4facd00d1deab49e7ba90f3aad922754f3
GET /css/styles.css HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/MgagV
Cookie: dhash=MgagV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:28 GMT
content-type: text/css
content-length: 168
last-modified: Wed, 21 Feb 2024 06:24:41 GMT
etag: "65d59729-a8"
accept-ranges: bytes
X-Firefox-Spdy: h2
| | 54.170.157.24 | 200 OK | 31 kB |
URL (User Request): GET HTTP/2
IP: 54.170.157.24:443
Certificate: Issuer: Let's Encrypt; Subject: winbr.xyz; Fingerprint: 29:D3:D7:00:4A:1F:C1:B3:81:63:83:45:C3:67:D6:99:15:D1:EB:AE; Validity: Wed, 21 Feb 2024 05:30:28 GMT - Tue, 21 May 2024 05:30:27 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 3d55389dad4441f5e3623f4e7d218f88 82751a899722a2b08d3ec287c10a905e86eea646 6519d14e160c396de03787666e5348115ca16a7bf5379ad2ba973ac80faa6be9
GET /MgagV HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: dhash=MgagV; expires=Sat, 11-May-2024 22:47:28 GMT; Max-Age=86400; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js | 151.101.1.229 | | 25 kB |
URL: cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js
IP: 151.101.1.229:0
File type: JavaScript source, ASCII text, with very long lines (65299)
Hash (MD5 / SHA-1 / SHA-256): d2b0d31f74e62440ea1a557f126d0c64 5c8f6cb983397deb65673b961a8657cfd6113ad9 c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00
GET /npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://winbr.xyz
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"13a70-XI9suYM5fetlZzuWGoZXz9YROtk"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:28 GMT
age: 22710484
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24684
X-Firefox-Spdy: h2
| winbr.xyz/favicon.ico | 54.170.157.24 | | 10 kB |
IP: 54.170.157.24:0
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 4867113ecb0d8543748f88dc30e5ac83 8b1b5f38fba888c646f91d8d12535d38db55493d 76951107b5b705f8f1cad939126dd0a03d1514cd33e3adf61e89fbbae58c8b1d
GET /favicon.ico HTTP/1.1
Host: winbr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/MgagV
Cookie: dhash=MgagV
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 10 May 2024 22:47:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: dhash=favicon.ico; expires=Sat, 11-May-2024 22:47:29 GMT; Max-Age=86400; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wuqas.life/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1wuqas.life/img/logo/main/1win-normal.svg
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Let's Encrypt; Subject: 1wuqas.life; Fingerprint: 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity: Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 21:40:36 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 4014
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hash (MD5 / SHA-1 / SHA-256): de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-8128"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=QEd_E6swS8vScJ_9O3jG3B.zBqOK07AmmKBXlJvcOBA-1715381250-1.0.1.1-uT3sYjZtSK4NA2qWaBY9nnQk_4ps53hFso1VmJtrwBqe_JRF5GfuZB1hiu5fj.UY.uGIwBYhvyU99sYcbQ3HHg; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6fee0b41-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-a9f8"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=YaeJHKUJGM.TO.medVWuUvcmtL.EHM5M00cN9anB0ZM-1715381250-1.0.1.1-rgt22wh6DAmDETIiUEI_5T5xNp61R6J66eOYJNN0V_VBN1gr_vRbpR7UG93Y6mne3ZAO5PzTNpBH15P5ZWGrog; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6ff20b41-OSL
X-Firefox-Spdy: h2
| 1wuqas.life/affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined | 190.115.24.78 | 200 OK | 394 B |
URL: GET HTTP/2 1wuqas.life/affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Let's Encrypt; Subject: 1wuqas.life; Fingerprint: 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity: Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 6343828acd97e18ffee68f5a7a85074e b19a97a91fc4c6446ad1ac88c1da25c22db0f673 071bd2ea8f654dfbe84ec1e08076493cddf7f9e059c188c6915a87be6cc71a1a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?visit_domain=1wuqas.life&sub_ids=undefined HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/free-money?trid=bai2459008
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.5:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 38 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 8bdf9e0cdabfe2b5ac03cce0d3baa330 c918edc96c4d12d011ca7bbccd64363ff0ca04cf dc7d046153c3bd7d9345422834d8f9948f70dfefff98a9fdd062a5a4855735a4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886485
set-cookie: __cf_bm=A7DIJUanNyZ4.EnI1My95nmMe3QIYemMUSiuPqG0da4-1715381250-1.0.1.1-D7BMwqXlxchvMC9.xRh4gr.rnG.N.A9oCcEGaW4nD1Tu_2mXe9C.GsBLEKMwJG9LE_T8ZucL1oHLeNGfEe2GbA; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b3b568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/index.53e277048.js | 154.197.121.128 | 200 OK | 120 kB |
URL: GET HTTP/2 1win-cdn.com/js/index.53e277048.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65460), with no line terminators
Size: 120 kB (119536 bytes)
Hash (MD5 / SHA-1 / SHA-256): c22922852176092110ee6f09cf9b8a85 1d163d45cd812519d55cf00636d26485613bfa9e e6f7fa9c9c211b8bbb57e2dcba8c60509ac669080b357cf8ff4fcdba249ae02e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/index.53e277048.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-312a0"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 18787
set-cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b38568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wuqas.life/free-money?trid=bai2459008 | 190.115.24.78 | 200 OK | 169 kB |
URL (User Request): GET HTTP/2 1wuqas.life/free-money?trid=bai2459008
IP: 190.115.24.78:443
Certificate: Issuer: Let's Encrypt; Subject: 1wuqas.life; Fingerprint: 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity: Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: gzip compressed data, from Unix
Size: 169 kB (169031 bytes)
Hash (MD5 / SHA-1 / SHA-256): 810f22a71ce799ef5940d4c6a3466570 457d6957d4cad81cad960037bd5dd7dedb330f2a e9da6f752ff858c0b6273e761c96858b17172017339e5900c780eebf2c4c3115
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /free-money?trid=bai2459008 HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://winbr.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; Domain=.1wuqas.life; HttpOnly; Path=/; Expires=Sat, 10-May-2025 22:47:30 GMT
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/html; charset=utf-8
x-request-id: bqp8U7f7gkXJ810P
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wuqas.life
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
| 1wuqas.life/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 11 kB |
URL: GET HTTP/2 1wuqas.life/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Let's Encrypt; Subject: 1wuqas.life; Fingerprint: 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity: Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: JavaScript source, ASCII text, with very long lines (40719)
Hash (MD5 / SHA-1 / SHA-256): 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 20:05:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 96102
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): a804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-1a4c"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 4521
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f14568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/99795.722361bcb.js | 154.197.121.128 | 200 OK | 725 B |
URL: GET HTTP/2 1win-cdn.com/js/99795.722361bcb.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 24afd49ec31cc2b7ad5c15927655cbe6 0d7962a6b5a798b1d7ea744add17c65b7a60c5f1 2f15a39e4ecbfefd570a38e8c44ea846940f8fe2e55bfb3ea2db0271e468d814
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/99795.722361bcb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-155"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210524
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b46e9a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/86478.fa9af76aa.css | 154.197.121.128 | 200 OK | 124 kB |
URL: GET HTTP/2 1win-cdn.com/css/86478.fa9af76aa.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 124 kB (123902 bytes)
Hash (MD5 / SHA-1 / SHA-256): 0b000f49873721d4d113b98f0f7fe971 73922715eb044febdc772f1431d1f11f33203c07 1b87bc1ab65026035ab9633f41209c6551c4f74980a3e36c563d42dbc1a93add
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/86478.fa9af76aa.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f979"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210620
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b45e8d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/js/48430.9af74daeb.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): b2437aa0130703be68d42f826611d16b 3133ee878b5bf5c92df4275aef29e45915147b25 128811728d1e3a7de5489fe7905036053fb49a2f4552b188596c3329f59ccbf1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b52f4e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 866 B |
URL: GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): d0bc1af4bfcbe1df25bcfdcc8924594c bc6352ec5a2cb6b9b5e33dd13b6c9309fe918d1e e9aee5751834b8ae2aaa1df4862acdc2145b39f11ea5cbb8ec62645f992160a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b58fb5568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 5.9 kB |
URL: GET HTTP/2 1win-cdn.com/js/8653.ed7806659.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 8bf081ba9c15bb0497b5beea1bf6405c 4ba0339b686247546bb1f8a7fbafcd86964d9c50 a588f88684050f34579eae06a00a7ea00912db9c07414d5a6fb004f988b819b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6783d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 111 kB |
URL: GET HTTP/2 1win-cdn.com/js/38209.ce0dbb534.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 111 kB (111318 bytes)
Hashes (MD5, SHA-1, SHA-256): 036a16165d789387a51bf694e4ba51a3 661464a72f036a0c41c6d16d4624f9a625166b81 5d02d4b5e12c380081d06464293758928524801847c6f9bc24655f0cdb25f64b

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873239
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f0c568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.google.com/recaptcha/api.js | 142.250.74.132 | 200 OK | 84 kB |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.132:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject www.google.com, fingerprint C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99, valid Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
Hashes (MD5, SHA-1, SHA-256): 1546b02381e0da7f4e83ebd55157cd6a 30ecc2183045e9365110e2dc49c08132e5f5db12 6d8817a2c9acab71bdd1b6844306ed6c26c5e5b3c382ca2a1165f65f2f239569
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 10 May 2024 22:47:31 GMT
date: Fri, 10 May 2024 22:47:31 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | 200 OK | 47 kB |
URL: GET HTTP/2 1win-cdn.com/js/35967.a72ac7974.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 4fabc773bd5b43574921ed5e29191d4d 1ed636feed98283d2780da44d746551f8f845cd4 fd4842208eabe33d796d77d64e7d763ecebeb2feab459aae2b5b034c87b9b744

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873238
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b66832568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/banknote.a4518ead2-730.png | 154.197.121.128 | 200 OK | 27 kB |
URL: GET HTTP/2 1win-cdn.com/img/banknote.a4518ead2-730.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 730 x 563, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 76fbdcec4c09109e1d69d3c62536309c 04d11b1a36d712226ea7a0b86e3648fb7f8358b9 6cb5eeab37036b741e61b1c0bcc239f31edd1b1ddff239b509303a7b657eec99

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/banknote.a4518ead2-730.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 26935
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29718
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-7416"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768e7568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 31 kB |
URL: GET HTTP/2 1win-cdn.com/js/90511.4bc374431.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): e4c3a3b05b531229b74356b2d54ce43a e90802b44dd33106a02d3a9799c064c087cccaf7 d1bd12b94844f2c2717dc8e8f5eb28ef43c83af6453efd4ece2abc82e9e39a0f

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872816
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b5dfdc568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/dollars.854b6fa48-510.png | 154.197.121.128 | 200 OK | 43 kB |
URL: GET HTTP/2 1win-cdn.com/img/dollars.854b6fa48-510.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 510 x 728, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): ef35f99b2bda674b3f0a8ade51c9a4c0 5b92846272826c6127aa4864aed31ed98feb367c b0cc2c4da10cee3d5eaf5e0f12e1fd8a02856ece5734f0c84ba4189da3b83da2

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dollars.854b6fa48-510.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 42554
cf-bgj: imgq:100,h2pri
cf-polished: origSize=45854
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-b31e"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768ef568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/backgroundPattern.00c37eb74-632.png | 154.197.121.128 | 200 OK | 18 kB |
URL: GET HTTP/2 1win-cdn.com/img/backgroundPattern.00c37eb74-632.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 632 x 708, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 76f040f4c090a0e0ecf8aa765228b56a 59a2adec9b3f9d572401953dfd69670ec3a97051 9c3f135e3548080272715b330bbeaf0576da3e70b8b8e364b2e864b642ba2387

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/backgroundPattern.00c37eb74-632.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 17612
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20623
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-508f"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78904568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 18 kB |
URL: GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 9121f362b63748e87bc7870b882d1c34 c55d70ca8c0b1ae7aed01bb440b0eed91b83e6d2 df114001f77fc459ff35b5cd5773b21a86f137fa9903e940135b1c1ef7762ecb

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b56f99568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/54591.6225c61c0.js | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/js/54591.6225c61c0.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): 9ae32834666bcda7e010fe0fa52d57e8 4a57d88ff431a9374edad93a81bbe310f7099ec5 17769f97c01ef6edca39f481ba71e342555900934f51c396e70d426b00da0a2d

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/54591.6225c61c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-2100"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381646
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e83568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/coinCorner.3e76df0b9-132.png | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/coinCorner.3e76df0b9-132.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 132 x 166, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 83a227e0680c180b0372725344d0c422 c659edf7cfcb3d4a94387e874b60d04e4b4f6506 55b77f5da74aba29ad38bf655e25fff3e87e0cd76e59ace7d7c88642e6000e22

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/coinCorner.3e76df0b9-132.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 4691
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5084
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-13dc"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7a922568b-OSL
X-Firefox-Spdy: h2
| 1wuqas.life/cdp/api-gateway/v1/unauthorized/track/visit | 190.115.24.78 | 201 Created | 138 kB |
URL: POST HTTP/2 1wuqas.life/cdp/api-gateway/v1/unauthorized/track/visit
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Let's Encrypt, subject 1wuqas.life, fingerprint 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B, valid Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: gzip compressed data, from Unix
Size: 138 kB (137695 bytes)
Hashes (MD5, SHA-1, SHA-256): aa6ce22674e4b9de9845de22cdb6f559 6f04f35b3a292d90530ab45a41f6ca0388993950 b6bab5a2bb613c30e08914d300026beb65dc0704dcbdfcf7be50b3c394fcfd3c

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdp/api-gateway/v1/unauthorized/track/visit HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wuqas.life/free-money?trid=bai2459008
Content-Type: application/json
Content-Length: 56
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 201 Created
server: ddos-guard
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/json; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 0
access-control-allow-origin: https://1wuqas.life
access-control-allow-credentials: true
x-ratelimit-limit-trackip: 9999999999
x-ratelimit-remaining-trackip: 9999999992
x-ratelimit-reset-trackip: 42
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-envoy-upstream-service-time: 16
access-control-expose-headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods
x-frame-options: SAMEORIGIN, ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-9305"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 5660
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7b92e568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/18860.cc0fd1e0e.js | 154.197.121.128 | 200 OK | 103 kB |
URL: GET HTTP/2 1win-cdn.com/js/18860.cc0fd1e0e.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 103 kB (103310 bytes)
Hashes (MD5, SHA-1, SHA-256): dabcf9957bbcfb03048f9a7752c03d81 473c88c1ee372b0ae69aa0f0340bf63a26e31da6 327028142f1bb90c2314e0531e744e29d5d73d9c4297d83b68d549d91f1b9641

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381652
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b13ca4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/desktop.916d40f3f.css | 154.197.121.128 | 200 OK | 158 kB |
URL: GET HTTP/2 1win-cdn.com/css/desktop.916d40f3f.css
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 158 kB (158399 bytes)
Hashes (MD5, SHA-1, SHA-256): 96884d06bfab2506e930de102ccc4aed e303e0ea6b1cff6d6c5cf2fe9f251b7f3597087b c084622f2b85b6806b598e7f8a55697eef10586a6175d3d3f090c23ce1e0c90e

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b09bf6568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/voucher-desktop.c83e749d0-918.png | 154.197.121.128 | 200 OK | 42 kB |
URL: GET HTTP/2 1win-cdn.com/img/voucher-desktop.c83e749d0-918.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 918 x 735, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 08033a87668d4e7a135a39f99442b520 695f9fab27040e350992aa60989f6c5c2bf938b0 03ac9c5c63fc0c9471b47fb43216de53633b6c21a52c3216c34191af137aa02a

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/voucher-desktop.c83e749d0-918.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 42439
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47491
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-b983"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c93e568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/coin.05d04a569-479.png | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/coin.05d04a569-479.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 479 x 479, 8-bit colormap, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 533ebb18e2dbd41952bf57e39e78269d dee5953003b158cd384cd773fbdc947a4b0a982f 043cbb9599223dc9f7358ea10bcc11a1af85c1015f6586314cb9aab75fbb484d

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/coin.05d04a569-479.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 13091
cf-bgj: imgq:100,h2pri
cf-polished: origSize=14532
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-38c4"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c93d568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/62825.cf3a1caf6.js | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/js/62825.cf3a1caf6.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: issuer Google Trust Services LLC, subject 1win-cdn.com, fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A, valid Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hashes (MD5, SHA-1, SHA-256): a0b34388f66a7c22cfef1255c0bd3997 c4b19e7a87c7a4f8fed467ae97675e0f439a4ff3 f9fa39088ee64025b9ea66bd2e49ad57922f562f39d487dc91fee8dca3308c57

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873239
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6a862568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.35 | 200 OK | 204 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP142.250.74.35:443
Requested byhttps://1wuqas.life/free-money?trid=bai2459008 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (632) Size204 kB (204445 bytes) Hashadd520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 369298
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/js/43277.a3a50c6f3.js | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/js/43277.a3a50c6f3.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): db5b519fb240baf048b98ac501cab954 810902a9154ffd7b79a862f5cfc907f1e5f42f1f 27690b99886e817353fa7f5ccb65a7547f6f8d7ee2a2c54d834d104872d4df0e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/43277.a3a50c6f3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-5c5"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da7f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-backgroundImage.png | 143.204.42.78 | 200 OK | 156 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-backgroundImage.png
IP: 143.204.42.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Amazon; Subject *.cloudfront.net; Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52; Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 1440 x 1196, 8-bit colormap, non-interlaced
Size: 156 kB (156408 bytes)
Hash (MD5 / SHA-1 / SHA-256): ddfe74759c34bbd380f022175682668f 551b6d63d3bb0b10d2e1f018966b4546ab0cb856 7c8af2ec3a838bcab6e8ba841a37932d308757e624392a439c8b8d16c7cd86d4
GET /raffle-20240411/desktop-active-backgroundImage.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 156408
date: Fri, 10 May 2024 08:57:55 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "ddfe74759c34bbd380f022175682668f"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: hpclyY7HANQEzPcw1jbfOmIyPjeZezdMMFJNqtvhOGuys1NMTFhUsQ==
age: 49778
X-Firefox-Spdy: h2
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-mainImage.png | 143.204.42.78 | 200 OK | 328 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/desktop-active-mainImage.png
IP: 143.204.42.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Amazon; Subject *.cloudfront.net; Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52; Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 1504 x 868, 8-bit colormap, non-interlaced
Size: 328 kB (327707 bytes)
Hash (MD5 / SHA-1 / SHA-256): 230e799496795a2d8c0f64d58cce5b7a b1e8f9e61b141dcc0c43cd42e1e9285f4322ef7b 3c628cfdc5dd0b872fb139635840a812c9452cd2e68a33cba1af5b6ac71d52dc
GET /raffle-20240411/desktop-active-mainImage.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 327707
date: Fri, 10 May 2024 08:57:55 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "230e799496795a2d8c0f64d58cce5b7a"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: dEPpVVBA9moa-gVOyY0w5p5PAoOe32e4JSOP06_GXkLFWOpOs11AJQ==
age: 49778
X-Firefox-Spdy: h2
| d16q5vvir3f28d.cloudfront.net/raffle-20240510/timerTexts/desktop/en.png | 143.204.42.78 | 200 OK | 42 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240510/timerTexts/desktop/en.png
IP: 143.204.42.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Amazon; Subject *.cloudfront.net; Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52; Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 1440 x 194, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 72a3d5e9d49b4a0967fe6d036db26a4e f4af2d244cddd22b4b918def0dc15f4c5130f167 f6fd142c8825894d1719885805c7e59553ed241031c261bbcc7252676abfa314
GET /raffle-20240510/timerTexts/desktop/en.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 42417
date: Fri, 10 May 2024 22:47:33 GMT
last-modified: Fri, 10 May 2024 12:56:11 GMT
etag: "72a3d5e9d49b4a0967fe6d036db26a4e"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: WrU9snC-6yIpR7SmAxSUyb_WGWuXjw8tmeT39UHeGWoXYUVHrGlgQA==
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 92 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Hash (MD5 / SHA-1 / SHA-256): 009f52d8ea6dc9d109fe702b922cee70 13681066cbd5881ddfa26e6d6f9d651598d388e7 248a1d40b8c072cfa9cae94cd2451ace3ef8d6f9850f64617091bc814627216b
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 74 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (1822)
Hash (MD5 / SHA-1 / SHA-256): 5c54b9e314ef2483c03df3f96a423e75 b825a4f63d3f81bceed045479d01c9a279fce09e 38e809a677daa0f911b51277783202b1dc828185eb55c5801c84fd2a60d1c2a7
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 90 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179)
Hash (MD5 / SHA-1 / SHA-256): 4addf7cac1dccf7a96644794f5642266 4c12819683dab2b8bc472ec5250ddddba35e9a7b 51f0b5fd3090cfed8c481a65d6619b4b2e7b9867818f33230f5a6522b94cb94f
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:32 GMT
expires: Fri, 10 May 2024 22:47:32 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90352
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| 1win-cdn.com/img/coin.e3b6b94c0-237.png | 154.197.121.128 | 200 OK | 9.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/coin.e3b6b94c0-237.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 237 x 210, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 9200a5a4c43a62e03cd3808f82c01322 519fad294ebd207bfabc45cb4ed04aeb94466535 c39270ae61e3d5847b0e86c2087440acffa70dca8d5f9e4dcd1796944e45eb78
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/coin.e3b6b94c0-237.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/png
content-length: 9116
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10466
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-28e2"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 853
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c19568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/red-border.4f5195c5e-432.png | 154.197.121.128 | 200 OK | 5.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/red-border.4f5195c5e-432.png
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 432 x 256, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b6a7ff52628b712fcd4a4f7b1bf3a10e ce149b100937670ef415bc66d2eff837ee12f297 9542b2421a8e61d7edb340d497941564754a17c4dc575f3118947a71f2eae97e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/red-border.4f5195c5e-432.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/png
content-length: 5086
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5930
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-172a"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 853
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1b568b-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/font/Rocketfont-latin.6b82a4379.woff2 | 154.197.121.128 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1win-cdn.com/font/Rocketfont-latin.6b82a4379.woff2
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 6556, version 1.0
Hash (MD5 / SHA-1 / SHA-256): cedd4030414323747e61b4fef382fb93 b1d6b4b9f47c7f2afac940dff4ae5c216ff2092b 84d94f5c4174d7f60d77dd1c8400f3c80d850d006fd75a2f8d152dfe5d373a83
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/Rocketfont-latin.6b82a4379.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/octet-stream
content-length: 6556
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-199c"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=MPSXuPjuRk41pGFX.eV5ehi4vKlkkwQWEL6KgpVBR7g-1715381252-1.0.1.1-GSLWDonymksTZQJRPNYzJzkCk3U8qiUc_Mk_vCSKtMjoMA537lYdRFmRDMzSc2Kb5VC24YQr1E0ndvbpF4lDTQ; path=/; expires=Fri, 10-May-24 23:17:32 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4f360b41-OSL
X-Firefox-Spdy: h2
| cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8 | 151.101.65.33 | 200 OK | 144 B |
URL: GET HTTP/2 cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8
IP: 151.101.65.33:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer GlobalSign nv-sa; Subject cdn3.wowza.com; Fingerprint 88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16; Validity Wed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT
Hash (MD5 / SHA-1 / SHA-256): 5bf5ca44a76580c2c36e059f0d668b03 166322c1bfd96328fc05993b0a10f69499acb329 ed236359045d86ab8eb15935041b896f8617a90a65dd7f90102329d5e0a2a22a
GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/live/playlist.m3u8 HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-md5: W/XKRKdlgMLDbgWfDWaLAw==
content-type: application/x-mpegURL
opc-request-id: fra-1:kGnk6Nnaq6EFqt-DrVLg3OOa6WGaNEom6mGY4QY2MbY5J5g-ucB-DL1HF6-on61_
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=5
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 5
x-served-by: cache-fra-eddf8230136-FRA, cache-hel1410026-HEL
x-cache: HIT, MISS
x-cache-hits: 18, 0
x-timer: S1715381253.754647,VS0,VE36
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 144
X-Firefox-Spdy: h2
| 1win-cdn.com/js/12445.07213f8fb.js | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/js/12445.07213f8fb.js
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): 899bd7c93e74bd4c435e63fcdf0410b3 9bf264be87f239d3a21174d33f7f6f875f4c2ae1 020fd14e37bcb1fc641d5f350957a9c385c9b5277869ef233f47c1b0a8391fb3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/12445.07213f8fb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-15dd"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878249
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704 | 172.217.21.163 | 200 OK | 42 B |
URL: GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704
IP: 172.217.21.163:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject *.google.no; Fingerprint 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97; Validity Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1286244795.1715381253&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=559616704 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 22:47:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts | 151.101.65.33 | 200 OK | 5.5 MB |
URL: GET HTTP/2 cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts
IP: 151.101.65.33:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer GlobalSign nv-sa; Subject cdn3.wowza.com; Fingerprint 88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16; Validity Wed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT
File type: MPEG transport stream data
Size: 5.5 MB (5492044 bytes)
Hash (MD5 / SHA-1 / SHA-256): 3717baacddd6b52906e6c0440dbae9ac 084a1954462ad6cd6e32413902526fe5985386ce 026b091cb472c20d9a8e22aa0650217f1033591ee9172adc23527f9b44aff785
GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19107.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-md5: Nxe6rN3WtSkG5sBEDbrprA==
content-type: video/MP2T
opc-request-id: fra-1:UaT7KgmjH8GLBBquPQmiGDuAYHyqc4rdMxgXzKyjMGjqJEkIucULuPTK08ta0EN4
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 29
x-served-by: cache-fra-eddf8230092-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 15, 2
x-timer: S1715381253.918402,VS0,VE2
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5492044
X-Firefox-Spdy: h2
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748 | 216.239.34.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748
IP: 216.239.34.36:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=2748 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wuqas.life
date: Fri, 10 May 2024 22:47:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/img/play-bold-rounded.afd7a5344.svg | 154.197.121.128 | 200 OK | 5.3 MB |
URL: GET HTTP/2 1win-cdn.com/img/play-bold-rounded.afd7a5344.svg
IP: 154.197.121.128:443 (ASN #328608 Africa-on-Cloud-AS)
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 5.3 MB (5297555 bytes)
Hash (MD5 / SHA-1 / SHA-256): ddf1b6b5ea9ebad7f6d7c2a2a013e9d0 b0116e8f9861a27a8a4ee2ed7dbdb51399f5a3a6 e66e45d800daa17ec0d3236bec7b98229cf10b6b8d45e8e797be4f10c7b46b9a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/play-bold-rounded.afd7a5344.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:33 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1a2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6882
expires: Sat, 11 May 2024 02:47:33 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78c19fb2568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts | 151.101.65.33 | 200 OK | 5.3 MB |
URL: GET HTTP/2 cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts | IP: 151.101.65.33:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: GlobalSign nv-sa | Subject: cdn3.wowza.com | Fingerprint: 88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16 | Validity: Wed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT
File type: MPEG transport stream data | Size: 5.3 MB (5305548 bytes) | MD5: 95082e084e52f57037e3c989c2461f7d | SHA-1: 5fa5896b3bca9f10cd76962f2896508b70e8a100 | SHA-256: cb88876ddbaae90a693196e8ba15b5b872acf8bd8ab2301e77402d655f022380
GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19109.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-md5: lQguCE5S9XA348mJwkYffQ==
content-type: video/MP2T
opc-request-id: fra-1:vsBoJBGDhGNBwQ8CISODnCahKxyP4SDLK0mgi3A9IHd8--5SSp37v3Pjm0QPKyIM
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
age: 10
date: Fri, 10 May 2024 22:47:34 GMT
x-served-by: cache-fra-etou8220147-FRA, cache-hel1410026-HEL
x-cache: HIT, MISS
x-cache-hits: 33, 0
x-timer: S1715381254.173326,VS0,VE163
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5305548
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761 | 216.239.34.36 | 204 No Content | 0 B |
URL: POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761 | IP: 216.239.34.36:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashes (of an empty body) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715381251210&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1286244795.1715381253&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Ffree-money&sid=1715381252&sct=1&seg=0&dl=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&dr=https%3A%2F%2Fwinbr.xyz%2F&dt=1win&en=bets_page_banner_view&ep.page_url=https%3A%2F%2F1wuqas.life%2Ffree-money%3Ftrid%3Dbai2459008&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wuqas.life&tfd=7761 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wuqas.life
date: Fri, 10 May 2024 22:47:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 3c62bcde419e822cfa55d45a05fa112d | SHA-1: 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 | SHA-256: feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57f9f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gift.e00021fcd-733.png | 154.197.121.128 | 200 OK | 57 kB |
URL: GET HTTP/2 1win-cdn.com/img/gift.e00021fcd-733.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 733 x 733, 8-bit colormap, non-interlaced | MD5: a3f93aac7449fb377796205057ada73c | SHA-1: 2db1db06007c50f36efb8401ba9d3817df53ce36 | SHA-256: 03ff1463ed73dbf21608b14aa7fe498ddfb4284a71fd5aa36eb2d6641fa8a700
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gift.e00021fcd-733.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 57353
cf-bgj: imgq:100,h2pri
cf-polished: origSize=61878
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-f1b6"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758cf568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/64581.55445f689.js | 154.197.121.128 | 200 OK | 847 B |
URL: GET HTTP/2 1win-cdn.com/js/64581.55445f689.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (899), with no line terminators | MD5: 8136c6ec98a787f93fc59e7f48620c1c | SHA-1: df9b86cab968429c1a2b9115fa0f173a03e2b6e4 | SHA-256: d0d44d5d3b404eaedbd8f17209371d2adc0eb5d4c3919318a80b12b28608e1c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/64581.55445f689.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 664 B |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators | MD5: 2e216c1b879ec285c8c32567174c9af4 | SHA-1: e1e1af06fe2299d4a230eb5467395ef6bf3354cc | SHA-256: 2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6682d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/backgroundIcon1.38edc7251-282.png | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/img/backgroundIcon1.38edc7251-282.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 282 x 375, 8-bit colormap, non-interlaced | MD5: 5c970955cb4c618075557732ded02142 | SHA-1: 64db803ade273b29fad7824aa265f915a50daa09 | SHA-256: 9104baa30e74ab2ad6f9917e6acb8235e4e1bad87f34dad87ed1210474734e27
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/backgroundIcon1.38edc7251-282.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 15829
cf-bgj: imgq:100,h2pri
cf-polished: origSize=19089
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-4a91"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78907568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/android.9ab2f3011.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/android.9ab2f3011.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 6c8e2b3d88518ea8679d2009cffc3f2c | SHA-1: 82e074a0c448d7b0adbc8b03e950120b3cc92c64 | SHA-256: 037c23137aaf34b6b8f208da8e20932e6bad327209ef219f5043edadaf489227
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/android.9ab2f3011.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-427"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70898568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/phones.2d1888519-1286.png | 154.197.121.128 | 200 OK | 137 kB |
URL: GET HTTP/2 1win-cdn.com/img/phones.2d1888519-1286.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 1286 x 1046, 8-bit colormap, non-interlaced | Size: 137 kB (136702 bytes) | MD5: 7992ccb22f1542fb25f6737f77be9317 | SHA-1: 424086b1ee829a12a53d1daf021eba9519317537 | SHA-256: 6c5bc91d7e82c8684a308d6518c4f329849e39a499f5f0ef49f9d5cee546090d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/phones.2d1888519-1286.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 136702
cf-bgj: imgq:100,h2pri
cf-polished: origSize=152419
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-25363"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7a921568b-OSL
X-Firefox-Spdy: h2
|
|
| 1wuqas.life/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 20 kB |
URL: GET HTTP/2 1wuqas.life/firebase/8.1.1/firebase-app.js | IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Let's Encrypt | Subject: 1wuqas.life | Fingerprint: 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B | Validity: Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: JavaScript source, ASCII text, with very long lines (19927) | MD5: 5b9dcee25dd464bbf914b48e05e770c7 | SHA-1: 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 | SHA-256: 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 20:05:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 96102
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/16633.019e17a29.js | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/js/16633.019e17a29.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1136), with no line terminators | MD5: 670d33b699884be77ea10656635a89bb | SHA-1: 1f0831c983ebaf1f715650aaca4ff3e5464bff1e | SHA-256: c9578dfefa7c7a2a6abf8db0b0fb163c7fdc78cc2e8da969f310002847f29804
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/16633.019e17a29.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-44c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188972
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bear.a11bc64c8-968.png | 154.197.121.128 | 200 OK | 110 kB |
URL: GET HTTP/2 1win-cdn.com/img/bear.a11bc64c8-968.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 968 x 1143, 8-bit colormap, non-interlaced | Size: 110 kB (110022 bytes) | MD5: 6af44a2e860e05535e4c378661a0cdb8 | SHA-1: 33df0b4f2e813dc6dd50709d09e6d2f496b36581 | SHA-256: e7b703632b781af71f23c74340367111db0452cd666189bb843858c1325ad941
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bear.a11bc64c8-968.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 110022
cf-bgj: imgq:100,h2pri
cf-polished: origSize=127126
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-1f096"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758d3568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-common.1cc012ae5.js | 154.197.121.128 | 200 OK | 192 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-common.1cc012ae5.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 192 kB (191566 bytes) | Hashes (of an empty body) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.1cc012ae5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ec4e"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 173741
set-cookie: __cf_bm=p2Uuq2y2UgR5xEKvxMRXoFGgqLpB7lmiwujDbtHx0Wg-1715381250-1.0.1.1-XBOmbkWuIuYBM4oro7GssEO6ce1BWq40ZfAiT0uXDvVzjSyGAHHRifcFnkjL9glBbwmvjN.uWKho0FRDy0_UwQ; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b37568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 379 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | IP: 142.250.74.168:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Size: 379 kB (378751 bytes) | Hashes (of an empty body) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:47:31 GMT
expires: Fri, 10 May 2024 22:47:31 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 110442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/92592.83aecf04f.js | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/js/92592.83aecf04f.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (25102), with no line terminators | MD5: b3673cf530ac125607635c8ecdb4cc4e | SHA-1: 33e3f1abfc43ae593645f12805758bbb4e937815 | SHA-256: 8ae56e575e7be7b4d38538dc287c5005fd8897d56ab3a2ae504a74bbd9652bd6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/92592.83aecf04f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-620e"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 217903
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ios.9fc5ab9b1.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/ios.9fc5ab9b1.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 6c099d7368ce3f0652dee56d15d6425f | SHA-1: 6cc181a44b4b4e3a7b76ed652929c30f227826dd | SHA-256: 5baffbd3e4ff499bd80919a54319527ba1655a9ab5de31ff37b4335be6bd858b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ios.9fc5ab9b1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-4b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3438
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70897568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.78 | 200 OK | 3.9 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | IP: 143.204.42.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Amazon | Subject: *.cloudfront.net | Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 | Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced | MD5: 3219393f1efd01cf2db20820dff57cf2 | SHA-1: ebdbcf916084a0d5a70680021d269680e9f41d41 | SHA-256: 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Fri, 10 May 2024 03:33:37 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6aWHjYKU8c0oFznARpULogosOkFJ3Hcxm8c65ghLK9FlXKBtKo__WQ==
age: 69236
X-Firefox-Spdy: h2

| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 828 B |
URL: GET HTTP/2 1win-cdn.com/js/91217.fc8dbcaea.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 873b0a1f00b7e367ac6843a8b9e80deb b9333e21da514f326abf81822702b8897c39fb48 647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872473
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ef01568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL: GET HTTP/2 1win-cdn.com/js/86359.48c462178.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 33a83c5ac34b557d3037a52c8dead1fe 6bd3202d3720d8c86a84a63f1975b5d53d044ef9 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872473
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b50f1a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL: GET HTTP/2 1win-cdn.com/js/31310.c605a9b9f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f81568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win.direct/v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket
IP: 134.122.54.186:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Let's Encrypt; Subject *.1win.direct; Fingerprint 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27; Validity Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wuqas.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wuqas.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Abcpq4qxqkO0uG97zMfUOQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: y40bwq7JJt41Gk66aKiHTf+6HbU=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=a89ed6e2ee589f2b; Path=/; HttpOnly
Upgrade: websocket

| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): ced188fd368f5c8439ebd4398c9c9315 3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea 82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57fa2568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/chunk-vendors.84f8d8042.js | 154.197.121.128 | 200 OK | 244 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-vendors.84f8d8042.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (36138)
Size: 244 kB (244530 bytes)
Hash (MD5 / SHA-1 / SHA-256): bf6401b0dfe9edb44c1316084aec2571 f8be08eb40e34c5fc52836f090309c15946a5246 d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 873303
set-cookie: __cf_bm=_mDhubdc_tG4EEUxFEoalLeghBj.lkxMX6LvBehdVsE-1715381250-1.0.1.1-8hTsZziMi1wBOr18ONO.ch24zEDSAk7YmM7zlb8_mT6gyD6L_ALTDjhcXz3je6oQKHV_OyN3sS1ht1b__STSGg; path=/; expires=Fri, 10-May-24 23:17:30 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78af6b3e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 906 B |
URL: GET HTTP/2 1win-cdn.com/js/28852.501b5fba6.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f97751384d582a6e650b35ebe9d32479 e545afff49a2a354c28392833508fd88ebaa4875 1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b53f5e568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/94489.2c0cf52a2.js | 154.197.121.128 | 200 OK | 1.8 kB |
URL: GET HTTP/2 1win-cdn.com/js/94489.2c0cf52a2.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1795), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f2f8f684268ff94e448fc5a55e9eafd9 b991ecdde85ec3ed2c2397c4a1abbe9d4c9b1f84 45431897a45767410663bbe633f762af9ff1e7d720af5ef8b65cfb30f4e5b983
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/94489.2c0cf52a2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6d7"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872709
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280d568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 121 kB (121043 bytes)
Hash (MD5 / SHA-1 / SHA-256): 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 883221
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6b869568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/backgroundIcon2.30061cfe8-230.png | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/img/backgroundIcon2.30061cfe8-230.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 230 x 222, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b8b7fa5d9ec4f40728fbeb90c8ac65f6 fb027610c5a60b8d548e9940335f26fd2940140a 4f5fe3198d660cb56094ad843685761391bf0f089c376791d83a0468359d4e7c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/backgroundIcon2.30061cfe8-230.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 12408
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15396
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-3c24"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b78908568b-OSL
X-Firefox-Spdy: h2

| 1win-cdn.com/css/21758.dae54c10d.css | 154.197.121.128 | 200 OK | 31 kB |
URL: GET HTTP/2 1win-cdn.com/css/21758.dae54c10d.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (31262)
Hash (MD5 / SHA-1 / SHA-256): 042184ca7fa3adf2a29c3de64253e215 321e3142ce096f24515bf9c5699fda45dcc5e76c 672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 381652
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/21758.bc752219e.js | 154.197.121.128 | 200 OK | 415 kB |
URL: GET HTTP/2 1win-cdn.com/js/21758.bc752219e.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 415 kB (415134 bytes)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/21758.bc752219e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-6559e"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 18787
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb5568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| d16q5vvir3f28d.cloudfront.net/raffle-20240411/texts/desktopActive/en.svg | 143.204.42.78 | 200 OK | 18 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/texts/desktopActive/en.svg
IP: 143.204.42.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Amazon; Subject *.cloudfront.net; Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52; Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 1be4fa214e66db9f8cea123bbfc71115 ea8177bc2d395d1010b215e349f307d09879bf23 43c8fb3a6ead3a6d3690a706329b111816714bd76b0506d34e372357d63fb475
GET /raffle-20240411/texts/desktopActive/en.svg HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
date: Fri, 10 May 2024 22:47:33 GMT
last-modified: Thu, 11 Apr 2024 12:20:47 GMT
etag: W/"1be4fa214e66db9f8cea123bbfc71115"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: fhXllP3uWB8DJQSliyZ7vzqMCGQMdyt-KCj1L12bhzCh75hzGDQiRg==
X-Firefox-Spdy: h2

| 1wuqas.life/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 244 kB |
URL: GET HTTP/2 1wuqas.life/core-js/3.33.3/minified.js
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Let's Encrypt; Subject 1wuqas.life; Fingerprint 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
Size: 244 kB (244105 bytes)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 23:12:49 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 84881
ddg-cache-status: HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

| 1win-cdn.com/js/57091.88e10d1f5.js | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/js/57091.88e10d1f5.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (7359), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ec7e9734bc84612116dbe2441eb8584d f9e5e91dae53241bbbf847cd892f5a072cb0c4e0 87f294e48245adabe57a93fe9f5914fcf9773511f63738a70347a4139e72b8c0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/57091.88e10d1f5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:08:15 GMT
etag: W/"6627a4af-1bed"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872684
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e8b568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 748 B |
URL: GET HTTP/2 1win-cdn.com/js/91635.a2db5f817.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 74c5864ef446bbb00f9e7e1b39eff8f9 04696352def160b6c3536b2b11c4351f02f49780 348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 877592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ff07568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/js/6242.cf213b109.js | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/js/6242.cf213b109.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2323), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 3962bf34e5389a021694d0ff2d2e3141 8d15939c6126c792ce62ddae81e5b87c83d89438 ce5ed1c2a2826fd5fa51e6d0cc8b7cc5b3154c04364896d1cb55b9c78a2b0a8d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/6242.cf213b109.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-8e5"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872709
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6280f568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| 1win-cdn.com/img/logoIcon.567f29019.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/logoIcon.567f29019.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 85cddac6ca8cb55db6c29003c57761ed a6ad84c5207bf62294f78964cef28ce09c19451c d6ad98465a3adf55fade5b9c38b7a1e22b9ad1d8c5f2f358862cf0f4bf19fb25
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logoIcon.567f29019.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-465"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b62809568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-social.4455053b1.js | 154.197.121.128 | 200 OK | 26 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-social.4455053b1.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (25529), with no line terminators | MD5: 1b14185591d9bcf20bd451f8e80432b5 | SHA-1: b234f9245842f8270f24b137798dab716dca4f96 | SHA-256: 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.4455053b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-63b9"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b63816568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/js/58258.98332d90c.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2724), with no line terminators | MD5: 8692e36ae40202509fcf29c9029676f1 | SHA-1: 7709e6929dc63ac467d0bd948268795fbec2181b | SHA-256: b1ec5aac00e643db59f10336f15e83163d7840bcb12bf70938dea4ab61993b26
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878895
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b67835568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/83307.04566d3e7.js | 154.197.121.128 | 200 OK | 694 B |
URL: GET HTTP/2 1win-cdn.com/js/83307.04566d3e7.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (712), with no line terminators | MD5: dee02df5ad0f50d02de47be1c1ae7c4f | SHA-1: 6a2c39edf87ca5e417091eed429564b4d1e2f01d | SHA-256: b88bf977ab822e552615f1fc21f70e43950cf7051cbbb58aa5024791d69ff2ed
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/83307.04566d3e7.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b6"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 882592
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da7a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts | 151.101.65.33 | 200 OK | 5.3 MB |
URL: GET HTTP/2 cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts | IP: 151.101.65.33:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: GlobalSign nv-sa | Subject: cdn3.wowza.com | Fingerprint: 88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16 | Validity: Wed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT
Size: 5.3 MB (5297276 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input, so the 5.3 MB response body was not actually hashed)
GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/0045fzvi/media_19108.ts HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-md5: nZIS85cYoQkDEVmIeyE8HA==
content-type: video/MP2T
opc-request-id: fra-1:zXQIsTvUkhwhS5ATAMVn-jZunvqlBGcRZLkqCOaxR0eisUlUernVPKO8WaaKppTs
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=86400
accept-ranges: bytes
age: 19
date: Fri, 10 May 2024 22:47:33 GMT
x-served-by: cache-fra-etou8220066-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 26, 0
x-timer: S1715381253.449888,VS0,VE1
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
content-length: 5297276
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 136 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.b9c515d35.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 136 kB (136401 bytes) | MD5: d7a9ad8bd4dcb4009607dc52a7e3f3d9 | SHA-1: 3b3035ec2737cd847dc6b3805a0b192f387ffb7a | SHA-256: 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb8568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/87327.3876b66fd.js | 154.197.121.128 | 200 OK | 991 B |
URL: GET HTTP/2 1win-cdn.com/js/87327.3876b66fd.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1025), with no line terminators | MD5: cbdd9a90edbce74290674a3cfdbd83ca | SHA-1: 66745bda07d1b18360ca282be23b810e5d4573da | SHA-256: 1a7db3ba235ed62d577b91b9b07731a4b9b7fb0cd83dfa4769096d315b1bdd82
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/87327.3876b66fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3df"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 881945
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b62806568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/banknotes.2ad4fe9c6-718.png | 154.197.121.128 | 200 OK | 46 kB |
URL: GET HTTP/2 1win-cdn.com/img/banknotes.2ad4fe9c6-718.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 718 x 1149, 8-bit colormap, non-interlaced | MD5: 8200d1ede3402aebdb5e1ce51421f02f | SHA-1: 859ccb2e8fd70371019168456d64d6a3c482d5d0 | SHA-256: 8a82e5277b33156beb8fa2bef6eed00751b71da949f6f460c8592c9a7e4246ee
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/banknotes.2ad4fe9c6-718.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 46430
cf-bgj: imgq:100,h2pri
cf-polished: origSize=53660
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-d19c"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b758db568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bg.51f8fae5b-1019.png | 154.197.121.128 | 200 OK | 93 kB |
URL: GET HTTP/2 1win-cdn.com/img/bg.51f8fae5b-1019.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 1019 x 902, 8-bit colormap, non-interlaced | MD5: 2c4bca355b672279cf42728554c692c3 | SHA-1: 98c59eae0531eadee281941b689c81e72a2ba465 | SHA-256: 9ad7b9fe9483f05c9670e1d2359ebe3582a603d002dd7b78a445a66d2014ce44
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bg.51f8fae5b-1019.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 92976
cf-bgj: imgq:100,h2pri
cf-polished: origSize=104691
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-198f3"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c936568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 136 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.b9c515d35.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 136 kB (136401 bytes) | MD5: d7a9ad8bd4dcb4009607dc52a7e3f3d9 | SHA-1: 3b3035ec2737cd847dc6b3805a0b192f387ffb7a | SHA-256: 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b09bf4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 0046061bb77d38094cc0f71b7371d406 | SHA-1: 1fd7894d0117251f1eeec1a343b85532d7864a05 | SHA-256: bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3946
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b57fa4568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spades.e5ee6f5c9-434.png | 154.197.121.128 | 200 OK | 28 kB |
URL: GET HTTP/2 1win-cdn.com/img/spades.e5ee6f5c9-434.png | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 434 x 479, 8-bit colormap, non-interlaced | MD5: a6c83afbeb1dc48a1ccb822d478d67c9 | SHA-1: 3db96954b55d710fab07919fe34081edc24b340f | SHA-256: 01e390e53141cdc64eb5b38f6025c87b51c0f0c9e6cf2d7114db44aadcf9cee6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spades.e5ee6f5c9-434.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 27598
cf-bgj: imgq:100,h2pri
cf-polished: origSize=30728
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-7808"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b768e9568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/745.e45080fd0.js | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/js/745.e45080fd0.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input, so the response body was not actually hashed)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/745.e45080fd0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5eb8"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210583
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b44e84568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/26026.7b6ae97fd.js | 154.197.121.128 | 200 OK | 615 B |
URL: GET HTTP/2 1win-cdn.com/js/26026.7b6ae97fd.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (659), with no line terminators | MD5: eb732444fb9bb481cece734606b49f84 | SHA-1: 60fde2c53954544b76b2ff7190b7ce39f6461da2 | SHA-256: 6657877966787cf7b283bb1b33a4c89e5f89a2c615d0e2893838c883fecd9d0d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/26026.7b6ae97fd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-267"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886413
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78bc4c1a568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/86478.a0eb9f6d2.js | 154.197.121.128 | 200 OK | 127 kB |
URL: GET HTTP/2 1win-cdn.com/js/86478.a0eb9f6d2.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 127 kB (126996 bytes) | MD5: d41d8cd98f00b204e9800998ecf8427e | SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input, so the 127 kB response body was not actually hashed)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86478.a0eb9f6d2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1f014"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 210620
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b45e92568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win-normal.34748aac6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 6a657a7851fa92f791304f1cdb123e9a | SHA-1: ae2def67a366ffe67578bf82e3c47b4f1966e784 | SHA-256: 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3088
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f8c568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | MD5: 923ec09a017c369d475682b8b60fe652 | SHA-1: f2a4cf5f06644b65bb3df522652a41a2b09c2aa9 | SHA-256: 7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3933
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b9da74568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8 | 151.101.65.33 | 200 OK | 540 B |
URL: GET HTTP/2 cdn3.wowza.com/1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8 | IP: 151.101.65.33:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008 | Certificate issuer: GlobalSign nv-sa | Subject: cdn3.wowza.com | Fingerprint: 88:52:5C:71:34:B1:19:86:CF:69:44:58:A6:05:7B:2F:93:54:6A:16 | Validity: Wed, 06 Mar 2024 19:50:09 GMT - Mon, 07 Apr 2025 19:50:08 GMT
File type: M3U playlist, ASCII text, with very long lines (566), with no line terminators | MD5: 314700d8f204aa38bd602deab86572d6 | SHA-1: eed325a4dbd86aed75fac8f11b34539a5a9dcaa0 | SHA-256: 97a535f848ad89b65a2e379341ce711615e9b4c949dd98105879f89497813fa7
GET /1/Qlh2bVl4UWxkRXph/SHhjRFlz/hls/8njgqvzv/1080/chunklist.m3u8 HTTP/1.1
Host: cdn3.wowza.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wuqas.life
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-md5: KNsAN0TpPwFahSTvIlmX2Q==
cache-control: public, max-age=5
content-type: application/x-mpegURL
opc-request-id: fra-1:YxqcFNYgYi6tm2YS7kckdyfFoZ2QdeNoUd0CnhFk-F2YRqc1sfOzF4ipw7qebFBW
x-api-id: s3-compatible
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: POST,PUT,GET,HEAD,DELETE,OPTIONS
access-control-allow-credentials: true
access-control-expose-headers: accept-ranges,access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-md5,content-type,date,etag,last-modified,opc-client-info,opc-request-id,strict-transport-security,x-amz-meta-cache-control,x-amz-meta-playlist-duration,x-amz-meta-segment-duration,x-amz-meta-stale-chunklist-duration,x-amz-meta-surrogate-key,x-amz-request-id,x-amz-version-id,x-api-id,x-content-type-options
via: 1.1 varnish, 1.1 varnish
segment-duration: 10.0
accept-ranges: bytes
date: Fri, 10 May 2024 22:47:32 GMT
age: 4
x-served-by: cache-fra-etou8220118-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
x-cache-hits: 8, 3
x-timer: S1715381253.888040,VS0,VE0
vary: Accept-Encoding, Accept-Encoding
access-control-allow-headers: Range
access-control-allow-origin: *
x-wowza-chunklist-expires: Fri, 10 May 2024 22:49:00 GMT
content-length: 540
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/99795.ab3c19c88.css | 154.197.121.128 | 200 OK | 7.4 kB |
URL: GET HTTP/2 1win-cdn.com/css/99795.ab3c19c88.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (7367), with no line terminators
Hash (MD5, SHA-1, SHA-256): e30750b112c448b9fa78122f24daf8c6 b95178e31a33779d2cf34d95be0e290d621c1456 cdec8f3eafe7473e04e97288d7e260d77a4b58c1186ce50cc84f3a9a0522afc1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/99795.ab3c19c88.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-1cc4"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 49779
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b46e98568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Hash (MD5, SHA-1, SHA-256): 911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-18d2"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 856
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b70892568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/63502.d79807f7c.js | 154.197.121.128 | 200 OK | 135 kB |
URL: GET HTTP/2 1win-cdn.com/js/63502.d79807f7c.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 135 kB (135227 bytes)
Hash (MD5, SHA-1, SHA-256): a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:30 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Mon, 08 May 2034 22:47:30 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 395383
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b14cb0568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wuqas.life/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL: GET HTTP/2 1wuqas.life/img/icons/favicon-16x16-darkmode.png
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Let's Encrypt; Subject 1wuqas.life; Fingerprint 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash (MD5, SHA-1, SHA-256): 55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 09:30:48 GMT
content-type: image/png
content-length: 344
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 47802
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wuqas.life/common/title?path=free-money&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL: GET HTTP/2 1wuqas.life/common/title?path=free-money&lang=en
IP: 190.115.24.78:443
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Let's Encrypt; Subject 1wuqas.life; Fingerprint 01:05:C3:32:4E:7E:9E:72:BC:3B:0B:3A:CA:D2:57:3D:BC:6D:B5:4B; Validity Tue, 23 Apr 2024 13:01:25 GMT - Mon, 22 Jul 2024 13:01:24 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /common/title?path=free-money&lang=en HTTP/1.1
Host: 1wuqas.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/free-money?trid=bai2459008
Cookie: __ddg1_=wyTIZ1V7LISDvKhmubWl; visit_domain=1wuqas.life; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1NjQyYTIzYy02NTlmLTRiZjQtYjdiNC04MTI2OWM1NGZkNGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzgxMjUwOTU4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTM4MTI1MDk5NiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTIycmVmZXJyZXIlMjIlM0ElMjJodHRwcyUzQSUyRiUyRndpbmJyLnh5eiUyRiUyMiUyQyUyMnJlZmVycmluZ19kb21haW4lMjIlM0ElMjJ3aW5ici54eXolMjIlN0Q=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 695 B |
URL: GET HTTP/2 1win-cdn.com/js/41543.9ecf6875c.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators
Hash (MD5, SHA-1, SHA-256): 3a416c7a8b544cab2961aa391df25f73 1760b78a71e89b19890fc1e1d457f20fc7931b8f 63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 878588
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b68841568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 847 B |
URL: GET HTTP/2 1win-cdn.com/js/62692.9dadb7398.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (881), with no line terminators
Hash (MD5, SHA-1, SHA-256): 2396c8bca3aec16d12512850881beeaa f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1 dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b4ff04568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL: GET HTTP/2 1win-cdn.com/js/1279.7681fe15f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Hash (MD5, SHA-1, SHA-256): 3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Mon, 08 May 2034 22:47:31 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 886085
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b6e885568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | 200 OK | 35 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hash (MD5, SHA-1, SHA-256): 232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-989a"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7b92f568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/machine.5215290ed-998.png | 154.197.121.128 | 200 OK | 135 kB |
URL: GET HTTP/2 1win-cdn.com/img/machine.5215290ed-998.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 998 x 798, 8-bit colormap, non-interlaced
Size: 135 kB (134793 bytes)
Hash (MD5, SHA-1, SHA-256): 366fd670c0d36b8c4ab6ec9b3e83f904 90d9a9c2e1b52f23bc26e5ec5eb479fb73307802 3c12f8783971edd4f7b48763e95d469c38b98c0fbf113e973f3baee3035e04b6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/machine.5215290ed-998.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/css/86478.fa9af76aa.css
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/png
content-length: 134793
cf-bgj: imgq:100,h2pri
cf-polished: origSize=150340
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663e5971-24b44"
last-modified: Fri, 10 May 2024 17:29:21 GMT
cf-cache-status: HIT
age: 3096
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b7c937568b-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/93041.4c457236f.js | 154.197.121.128 | 200 OK | 363 kB |
URL: GET HTTP/2 1win-cdn.com/js/93041.4c457236f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 363 kB (362719 bytes)
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/93041.4c457236f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-588df"
expires: Mon, 08 May 2034 22:47:32 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 872710
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78ba1a98568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ticketFuture.fd0f9be56.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/ticketFuture.fd0f9be56.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): ef8a0da0218d0c61af32b227d4d0ad2f 49dc927f49ea243939d11a18d33cdcc0534f0314 b8ce901726961a6f447ae3563656a281356472b569faac5fa86fc7bfa20c9925
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/ticketFuture.fd0f9be56.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:32 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-121a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 11 May 2024 02:47:32 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78ba0a92568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/flags/en.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wuqas.life/free-money?trid=bai2459008
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5, SHA-1, SHA-256): 79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wuqas.life/
Cookie: __cf_bm=ZANp7mLl4dBRFxuh4hK8KjCpTaFpTgY2.LukFUHxlgo-1715381250-1.0.1.1-5iDUxjBgNar28tulXP9Wwq_cyC4kuMCV5arTLeCJiJ9nL4evjX3YZjFH_4_QcgyBRRgvpHsve0HY8DvS8Byd.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:47:31 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 17:29:21 GMT
etag: W/"663e5971-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4520
expires: Sat, 11 May 2024 02:47:31 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d78b55f83568b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|