Report - 1wywi.com/

Report Overview

Submitted URL
1wywi.com/
IP
190.115.24.78
ASN
#59692 IQWeb FZ-LLC
Submitted
2024-05-05 13:29:32
Access
public
Website Title
1win
Final URL
1wywi.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
468

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-04	468 B	207 kB	142.250.74.35
www.google.no	25607	2001-02-26	2016-04-05	2024-05-05	584 B	578 B	172.217.21.163
location.services.mozilla.com	6771	1994-10-18	2014-06-01	2024-05-04	379 B	529 B	52.24.210.222
static-adm.1win-cdn.com	unknown	2022-12-12	2023-05-22	2024-04-18	697 B	689 kB	188.114.96.1
imgproxy.1win-cdn.com	unknown	2022-12-12	2022-12-22	2024-04-30	24 kB	350 kB	172.67.181.254
1win-cdn.com	unknown	2022-12-12	2022-12-12	2024-04-30	118 kB	6.1 MB	154.197.121.128
1win.direct	unknown	2022-08-16	2022-08-16	2024-04-10	1.2 kB	466 B	134.122.54.186
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-05	1.8 kB	362 kB	142.250.74.168
d16q5vvir3f28d.cloudfront.net	unknown	2008-04-25	2024-01-17	2024-04-30	449 B	4.5 kB	143.204.42.156
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-04	3.3 kB	1.7 kB	216.239.34.36
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	401 B	1.3 kB	142.250.74.164
1wywi.com	unknown	unknown	No data	No data	5.0 kB	526 kB	190.115.24.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed
2024-05-05	medium	1win-cdn.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (79)

	URL	Size	First Seen	Last Seen
	1win-cdn.com/js/68410.33fbe7e58.js	58 kB	2024-04-26	2024-05-06
Pretty URL 1win-cdn.com/js/68410.33fbe7e58.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-06 22:15:29 Times Seen25 Hash 21f45c3172d7e33143eea8e305a44b18 e8e0cadeb79f04eeb42a2d313db43dafb09c3425 b978e53b96329a546a5adf0dd551aeed22f61c4de59d75a2765ee2235886925a Loading...

	www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c	263 kB	2024-05-05	2024-05-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:29:42 Last Seen2024-05-05 15:29:43 Times Seen2 Hash 97188e30139fc6793e07bd558875d13a 01fde26d773f3f45dc5bdb77a2b371b5d3ed5ff6 df8e8442472952fba6bc889caf5f767ae3c3cba7f41b59ae3564e5a5d6a854bf Loading...

	1win-cdn.com/js/62692.9dadb7398.js	847 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/62692.9dadb7398.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 08:40:25 Times Seen449 Hash 9afe6681b5ea10a8c7663a970eeafd54 1e3dafa83d751066892246ba0fbc85966e83fcb2 a31e32a08b75b8ee000531454e3e63f3814ab6cb885e9f0434fe426bbcbc87e7 Loading...

	1win-cdn.com/js/57652.297e4ecc2.js	647 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/57652.297e4ecc2.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen443 Hash 216ec24dc6b69039aa6f2ffe247e3d23 a699b435adab6e2d4e00853d5bb26ecc4e3599dc b3448f22c1183376e60f5959e8eeb55db3157f8ce74e60e72cb8b3b0db97ea50 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7	366 kB	2024-05-05	2024-05-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:29:42 Last Seen2024-05-05 15:29:43 Times Seen2 Hash a3be2c3c40faaf6919997c581b3ee81c 479a939138ca10b374994b99c44e561b01b27b77 7f5215558c91050f313f508bb97a4eea23f38efda99ee2a9453cc7f19222b7a2 Loading...

	1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js	121 kB	2024-04-13	2024-05-16
Pretty URL 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 04:19:49 Last Seen2024-05-16 16:24:12 Times Seen183 Hash 3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026 Loading...

	unknown	562 B	2023-10-13	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 04:25:37 Last Seen2024-05-18 08:40:25 Times Seen646 Hash e35abe00e44b33a732fe04616d6d661a 9031f203ada1d67c9757e77d999b4b7f14fa708b e4c05446119bc3a162949df6dbac62fb9dd051be503964869331860255ae16f0 Loading...

	1win-cdn.com/js/57552.ee60d28a1.js	75 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/57552.ee60d28a1.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-18 08:40:27 Times Seen122 Hash 3640868f35b73089eee8ce1f80955ad1 80e813108a8b082c210e8139451264d1e45bf4be a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff Loading...

	1win-cdn.com/js/39061.47d3b467c.js	92 kB	2024-04-18	2024-05-14
Pretty URL 1win-cdn.com/js/39061.47d3b467c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-14 08:17:26 Times Seen103 Hash 83d4506e6f678aff3759f690c86c3f13 8419680dd653fa9af4ac1c81de16cd11e312ad66 9f7b5ebb4189e668f5f375ff48dc4821fffacf9b3881159702486e689c87cd72 Loading...

	www.google.com/recaptcha/api.js	850 B	2024-04-24	2024-05-08
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:35:35 Last Seen2024-05-08 15:55:32 Times Seen1408 Hash ee87fd4035a91d937ff13613982b4170 e897502e3a58c6be2b64da98474f0d405787f5f7 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f Loading...

	unknown	351 B	2023-10-25	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-25 01:40:40 Last Seen2024-05-16 16:24:10 Times Seen127 Hash 50725e8bd51942770349d377e402887e 6fc749ca36fea5616e06fad9c3d730b40501ef97 480c402fbf1153a0a745e8cd392330a938c972ee0302364e3a252fd90c58f719 Loading...

	1wywi.com/	966 B	2024-05-05	2024-05-05
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 15:29:42 Last Seen2024-05-05 15:29:42 Times Seen1 Hash 9cac47407979cfe15a20486ec156ff54 dbb4fcd9efa762c7d868d442b261f1bfba10feba f5c76d7ae27c9cad219528fa6c4f2a2837197010e529b7e7119e039ea6a00817 Loading...

	1win-cdn.com/js/1279.7681fe15f.js	911 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/1279.7681fe15f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen448 Hash 28141e290f6ef740409a896799581b45 68034ac9fe2c0e71bb8ccc868540963adf4ebc7f b563de728f7ad9022ef94968360931749d32898f02f524b66a73c2630126f4a3 Loading...

	1win-cdn.com/js/icons-pack-home.d21abec30.js	19 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-home.d21abec30.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:27 Times Seen521 Hash 325c4a59d9bc91d434baa4a7563c38b4 070a43d12a678b20daf2851076340bf4b595d5ff da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf Loading...

	unknown	409 B	2023-03-10	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 00:21:10 Last Seen2024-05-18 08:40:25 Times Seen1485 Hash efc54365d1ba6c4fb4bdf7ea1996bdbd 9f89f3485cd56eac910d9c0d6f9bd3b201074e24 da89215c040a91b80faf28d6030c58dab9d599794ef9bd1feba0fb01c621cf40 Loading...

	unknown	280 B	2023-09-09	2024-05-14
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-09 23:12:45 Last Seen2024-05-14 18:26:10 Times Seen625 Hash ccf8800179f76f96ab5ee9e2c31b34c9 bc8b036511560d2555772f2e5ce950ddc183fe1f 04598a52f743aceb0cd6af79dfa45e23b4f05f205f5c3814962e56a0225b90a1 Loading...

	unknown	199 B	2024-05-03	2024-05-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-06 23:12:04 Times Seen14 Hash c0ed801b112fd4a63e7c440e74a11f64 6fbdd9c1584d2afd786e4b1172dec3bb31e24046 b8a56d443900bfee5335b20da8fc6ab167185133dddc40231ab24da65fdaef96 Loading...

	1win-cdn.com/js/icons-pack-casino.fd47961dc.js	91 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-casino.fd47961dc.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:27 Times Seen748 Hash caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c Loading...

	1win-cdn.com/js/745.ca3fa56a5.js	24 kB	2024-04-26	2024-05-08
Pretty URL 1win-cdn.com/js/745.ca3fa56a5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-08 11:06:08 Times Seen31 Hash 295f0fd17b3fd8ad75db3d11e790de15 c96e411c7da299aa3660173cba7874561973b0aa 5fb69d4aecb170827b41f0df0a7dbde4f683da6f32ec5032c5274e19c0d97a44 Loading...

	1win-cdn.com/js/28852.501b5fba6.js	906 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/28852.501b5fba6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen445 Hash 8c454f4f9b542fe39f23206bc649d0ad 5c87d1e9b3f6f05694adea0524cd5c421222b368 429057a98cbc1fc117e33580ec952a3b52377602b06e702e1099b11891183cf9 Loading...

	1win-cdn.com/js/8653.ed7806659.js	952 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/8653.ed7806659.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen339 Hash 6cb37362c9f47f9da06554dee435ff92 e34a75d99c356fe77ecca00e4bf6ce46fbe51e6c 8c951bf88d9566dc954964f5498e4acc49f3080391c11c96500964f87ddf701d Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:10 Times Seen117 Hash b2cb4c2391077a9866f15278e2f22e28 b3c7c896176736a5c7964d09571b1d3db0a26a11 52ba3ec64c619c6ff3388e641a53b7e58ca9e9d92fab48f4da1128a3dba9de15 Loading...

	www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c	204 kB	2024-05-05	2024-05-05
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:29:42 Last Seen2024-05-05 15:29:43 Times Seen2 Hash c00f71aa3861c8930fdab93b821b713a 754fe3d390a0919ba3adfffa428c2c37d5d414be fed8ff9da95908852bb5aa17ec5c6faaea2d653346b212fb9fc85adee03d91aa Loading...

	1wywi.com/core-js/3.33.3/minified.js	244 kB	2023-11-30	2024-05-18
Pretty URL 1wywi.com/core-js/3.33.3/minified.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-30 12:06:40 Last Seen2024-05-18 08:40:25 Times Seen409 Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515 Loading...

	1win-cdn.com/js/desktop.84963e685.js	136 kB	2024-05-03	2024-05-05
Pretty URL 1win-cdn.com/js/desktop.84963e685.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-05 20:33:53 Times Seen16 Hash 80b2b92818b5b983234b19158d23bbeb 50deac03e087284a4574848ffd689014ab1b6b51 d44aea4b2aef0b2c8df7d4ca70287345f4ac39a4f61f8fa5931b2c53253a8c7c Loading...

	1win-cdn.com/js/86359.48c462178.js	634 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 08:40:25 Times Seen435 Hash a9c94358d9375f9d5d2475ee6c117033 ab71f0dfde4e0ea9e5a78c68934867a868f36a8a f4a61473edf04efa0863e90c136ec67d5fcb0f78eae6a2cecdb477669c06033c Loading...

	unknown	351 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:06 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 003a98f80ebb1ce49eec0dc541b1f6cc b2e5d2f6337980e0706fd4f3b5934312ebb1126d 49340d31db7e883167a7e4feb1636ee431aca49bd18316d9842b82b43776a454 Loading...

	1win-cdn.com/js/91217.fc8dbcaea.js	828 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/91217.fc8dbcaea.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen445 Hash ba2b6cee07a00d456f358cd9e2bf7ffc 77c0332cc2baee5b4783b7c60294284222603a97 d071f74f942a98bf42fb73282a6a91ffaf9eeb116dd49dd0900ffc396d537704 Loading...

	unknown	421 B	2023-03-12	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:22:06 Last Seen2024-05-18 08:40:25 Times Seen1485 Hash dc37ec839376756d26f9c8925e173ac0 c7aff54b91a363e452e3338b3cf8441b3a82cbbb f139f19f43bcda296441234e4cb82550d94bde81758de7cf37bfe55df1c96717 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c	253 kB	2024-05-05	2024-05-05
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 15:29:42 Last Seen2024-05-05 15:29:43 Times Seen2 Hash 01d47a0657583a68ca0d41852d397e8a 78a67746b2996622cb2413d5c9aa433bcd3c1b3f b882d50dc6eb846612a90a1667fe897ef9823eb848fa68916fb49096b10a855c Loading...

	1win-cdn.com/js/46665.703cfe1de.js	1.0 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/46665.703cfe1de.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen440 Hash a8e8453b85165d96566b9b00409adb90 ba4c50613470a3fc260501bdc9fedad671c0c21b c7909ffee12406973b236af27c311a6b83d035e1b134ff32a56c918195194c1b Loading...

	1wywi.com/	275 B	2024-05-03	2024-05-05
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:52 Last Seen2024-05-05 20:33:53 Times Seen11 Hash 904511eac55f563582802eddc1bc8205 f64516eb167f2a77db3ddc8814cd2e4f8b0e6261 285f0fecde590531152b2951e8866ff713a28bd75fa65cf944cedeb67be4e43d Loading...

	1win-cdn.com/js/44881.08b617166.js	418 kB	2024-05-03	2024-05-05
Pretty URL 1win-cdn.com/js/44881.08b617166.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-05 20:33:53 Times Seen10 Hash 3c6ebd40023f9cf42c01fb68a59fd849 6684380666e6d39e55a91202ddf42dd3b09b581a e21271d5dcad4b86611ce75ac16c5af62ef0b8d56eeaa5d13b4a7bf0eb5a1be3 Loading...

	1win-cdn.com/js/44101.3268a6e79.js	33 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/44101.3268a6e79.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:59 Last Seen2024-05-18 08:40:25 Times Seen138 Hash 64fb718df447a3a994dcc6f6030b0488 6d312ce281fb912b3ff51e28e46239d55a7b7e8c fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932 Loading...

	1win-cdn.com/js/48430.9af74daeb.js	1.2 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/48430.9af74daeb.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen448 Hash 1ff7975a9909675793b03da1294f9681 04198fea02ca2f61451191a0916f7a3b87967bfa 06b058e9e4542070b7052f3cdb79599a4353b89529357a5a4df7258c3b1656bc Loading...

	1win-cdn.com/js/35967.a72ac7974.js	958 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/35967.a72ac7974.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 08:40:26 Times Seen333 Hash 9806bcc449ce96d93fe65bcffdc05c40 1a041edc174e43e94299ee18ebdb25b7b49b3036 56aec7b45747b8a8d71302ffa3af8d1f05dda5ae85e3dcc26905549c63c251a6 Loading...

	1win-cdn.com/js/37061.57ea53f4c.js	25 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/37061.57ea53f4c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 23:59:52 Last Seen2024-05-18 08:40:27 Times Seen117 Hash de6e0b19135b6714ea2184522788b0cb 0ef4cc5a6d0f2da9e4f29efdeef574fc55e04242 43ffcac2b1cb66acc051e53facf49692a2dbeca50e872059c1135f0fb39867aa Loading...

	1wywi.com/firebase/8.1.1/firebase-app.js	20 kB	2023-03-07	2024-05-18
Pretty URL 1wywi.com/firebase/8.1.1/firebase-app.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-18 08:40:26 Times Seen2199 Hash 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce Loading...

	1win-cdn.com/js/38209.ce0dbb534.js	1.3 kB	2024-02-20	2024-05-18
Pretty URL 1win-cdn.com/js/38209.ce0dbb534.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:49 Last Seen2024-05-18 08:40:25 Times Seen169 Hash 72f73ddb269d565042120562c1ec0c63 36b9b7c3b8838355aae56c42478bdfa61f5250dd b333e8bd20e8f594718ef1c195192747680b0842c347179cf6ca55c81178a006 Loading...

	1win-cdn.com/js/31310.c605a9b9f.js	528 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/31310.c605a9b9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen450 Hash a81a1029c765d56df809940586f5ebf2 0af374464f6a4ad7af03cbe18ade0125c6b9fbc7 441aab7f91c07adfafb38da23b57e3787bf49c465f11afbf282a0825edec500f Loading...

	1win-cdn.com/js/chunk-vendors.84f8d8042.js	244 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/chunk-vendors.84f8d8042.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 04:23:34 Last Seen2024-05-18 08:40:27 Times Seen139 Hash bf6401b0dfe9edb44c1316084aec2571 f8be08eb40e34c5fc52836f090309c15946a5246 d40dcf0986210c131bef533a944dc9ca304425090c57c650b590409aa1162c47 Loading...

	1win-cdn.com/js/62825.cf3a1caf6.js	736 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/62825.cf3a1caf6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen348 Hash 28e8d81ce74785fd3e402ba70f30570e ac5e4809cee47c9ac0f08221da5ab8358986d564 a7928d556c13082bd24d471ea1824a8771b146b4010e05159c35dddc32927c18 Loading...

	1win-cdn.com/js/20420.30b3c996e.js	573 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/20420.30b3c996e.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen440 Hash f5d89fb15e17f73b8c6bf23ec49acf32 451fa7acd3e8f232c6d8e5a9e2685226771fbb41 a763f290f9b6982825ca91925709d7ba82ca508514f91786fa29c44b4afa763a Loading...

	1wywi.com/	25 B	2023-07-19	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-18 08:40:25 Times Seen801 Hash 2a9c68b4e7022ff8ab044251b6be11b0 6ca1d5c1984d89a849b7aafd0cc76b1efe8d77dc 6cfd8751a565c9e7d402eaa68a6d30afdf9967813d60cc28d655578e1bec7b9c Loading...

	1win-cdn.com/js/54591.72cf77712.js	8.4 kB	2024-04-24	2024-05-14
Pretty URL 1win-cdn.com/js/54591.72cf77712.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-14 20:25:15 Times Seen63 Hash cd9b599cb5d9c7f7fa861c205c7659f5 ed2725067adaac8ab0ddffd9693e58e62f4155dd 935727da6ceae568c8cb49e0512bc748bb872607fded637adc8b5f78f66df35e Loading...

	unknown	347 B	2023-06-26	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 22:52:58 Last Seen2024-05-16 16:24:11 Times Seen904 Hash 150b71f7dde92027aee8fc8db2fcd0b3 faf9f0f6c34b25828fd97f37fa6b88152e55580d e9f6609639ac5f436c82395dfd4f3b3050e9140ad66b83ab152c5c829234406b Loading...

	1win-cdn.com/js/88971.a170f9f22.js	529 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/88971.a170f9f22.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen315 Hash 88e4f6d7cb0faf6b16c158636a8553bf 357a27adf1b5615ee1897f13e0de0344254d9bea ad7459bd9492984b70993c16807c05a1b962c1e366d793cdd5646259f02b34c2 Loading...

	1wywi.com/	5.0 kB	2024-05-03	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-18 08:40:25 Times Seen67 Hash bfbec13abf687324d384873ac418bc73 f6058c01634ffc9a756dba5352b5044daf1df6a7 5f1f26b2b510665b395d61f61237b2a5d562554a423aa9fe4075ddb021b448ed Loading...

	1wywi.com/	87 B	2023-07-19	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 21:15:56 Last Seen2024-05-18 08:40:25 Times Seen805 Hash 3795446a4317a989b0632a668bb1a334 56d14bb87a67b3ceb620bb61633db5e43099bd33 d28b1d0dcd44e2fdbb9ed061c9c7f5e0e0595e93b092464d38d76e335de3aed5 Loading...

	1win-cdn.com/js/10400.9ded7920f.js	10 kB	2024-04-23	2024-05-14
Pretty URL 1win-cdn.com/js/10400.9ded7920f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 21:53:40 Last Seen2024-05-14 20:25:18 Times Seen110 Hash 15eac69773e4a58c28d83941ba68a74d d7a102d8e5b17065207de75d40e50e4406ff6e4a 57cf3cf3d84271aa5926a0aea38039976c7778b8cf9e182e3b1412211339994b Loading...

	unknown	316 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-16 16:24:10 Times Seen117 Hash 51e2b24c7620b63ffea046457fbc4af5 d9bcd9eb3b1a690e47f50fa5ba6383b3bc53b1a6 147b62c7a4294c2c35bc4030c5fd6ad0601b851f35879596b29e4215a3d63cc6 Loading...

	1wywi.com/	524 B	2023-10-13	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 04:25:36 Last Seen2024-05-18 08:40:26 Times Seen649 Hash 1cba076a7bc43f6c027239039206c8e3 b51a0930ec4aa4c5317c4771ade558fadec24239 c716ec7c8a8774ae64a4dc26521542f54ab78b436008474e797b7136299c9407 Loading...

	1win-cdn.com/js/8726.6a357273b.js	664 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/8726.6a357273b.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen426 Hash d3791eaee8c4e61b0a5a83f911a88cee 1f439da3d55903466d31fb89708dac067916c057 c9810fa2298b1f0e1df7375b8259ba26174bb1a3d71cd5e33e2a584557179620 Loading...

	1win-cdn.com/js/icons-pack-social.4455053b1.js	26 kB	2024-04-24	2024-05-18
Pretty URL 1win-cdn.com/js/icons-pack-social.4455053b1.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 21:28:58 Last Seen2024-05-18 08:40:26 Times Seen117 Hash 1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb Loading...

	1win-cdn.com/js/57460.093f52cba.js	438 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/57460.093f52cba.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen433 Hash 3940ad901c872d13b3f221d5d1753c90 d9543432f353b875d90ba22a0fe5d7edf3870d12 ffea5f4a3b9b89527a8eaa3be89086ffcb058b987b84dd614f314ec461a7b601 Loading...

	1win-cdn.com/js/58258.98332d90c.js	2.7 kB	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/58258.98332d90c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen327 Hash 429e788491131cf7a26b1e1b4b80ee2e f03316b5749e994f600acf4730886b5be0d136f8 30993561b31b29a22b8b7e999f66952c341241534c5494303bcb8bc07b5ad3e3 Loading...

	1wywi.com/firebase/8.1.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-18
Pretty URL 1wywi.com/firebase/8.1.1/firebase-messaging.js IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:05 Last Seen2024-05-18 08:40:26 Times Seen2206 Hash 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f Loading...

	1wywi.com/	113 B	2024-05-03	2024-05-05
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-05 20:33:53 Times Seen11 Hash aaba43975c6d85b51dc05f083c7d305e 1e31fdb6b36b5b53164c2ff076134e4da8a92c08 57c1dfb5e42f515776c2e6450ebbab471a313eb5bca18d4eab9969c8e20ba04e Loading...

	1wywi.com/	168 B	2023-12-28	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-28 18:15:05 Last Seen2024-05-18 08:40:26 Times Seen315 Hash 457845cec6d736fd4ef36c7ef4b151f2 07936d0ba74365a8800c77fef3fb1407ec380ce5 bdb9495702f089c6d0a6d88e2e925a54c5ed3bb903835340562ce54d54dbd7e1 Loading...

	1win-cdn.com/js/index.8bffffec6.js	211 kB	2024-05-03	2024-05-05
Pretty URL 1win-cdn.com/js/index.8bffffec6.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:52 Last Seen2024-05-05 20:33:53 Times Seen11 Hash 7219f8143ca40f147127b3eeaf27541d b4912f9a1af6a102fed389cc20755fe6d8bbfde5 060288aec92db4e36afec8fe033ed0769a504c1b482cb143efdaa9d647fdc992 Loading...

	1win-cdn.com/js/18860.d3e8c1777.js	28 kB	2024-04-18	2024-05-18
Pretty URL 1win-cdn.com/js/18860.d3e8c1777.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:04 Last Seen2024-05-18 08:40:27 Times Seen202 Hash 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e Loading...

	www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js	518 kB	2024-04-24	2024-05-15
Pretty URL www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:18:30 Last Seen2024-05-15 19:10:18 Times Seen9003 Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b Loading...

	1wywi.com/	4.2 kB	2024-03-30	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-18 08:40:26 Times Seen131 Hash f03d5c5d4651c5185cf95e29770acbf4 d228cd1a34da6c7d7a6fc2c3b3691d3578bd92f4 5ba081585bdcc91f38ed16b0cbdbf9dbfb3aef0886a4afa935f0a08ddf467088 Loading...

	1win-cdn.com/js/63502.06ceedfaa.js	135 kB	2024-05-02	2024-05-14
Pretty URL 1win-cdn.com/js/63502.06ceedfaa.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 14:26:19 Last Seen2024-05-14 20:25:15 Times Seen95 Hash a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c Loading...

	1win-cdn.com/js/41543.9ecf6875c.js	695 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/41543.9ecf6875c.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen345 Hash 48813f2325a439cb966c5096fc8a810a fb44ed9fb85edbd34701708c1fa10cfaa3f07bcd de64ce06fbb042ecead3cf7684326db4f0c50ac26ba91a99d3399f7de24f6ded Loading...

	unknown	320 B	2024-04-18	2024-05-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-16 16:24:11 Times Seen116 Hash 604b6a04bbd64c0897092ed7e30023bd 135732431cb91633a7fd90695a1ed085247b9564 02ddf8ff988206010b70dd08d64c44f99fbb459d3ae4cf60e41ded1cf1a995a0 Loading...

	unknown	456 B	2024-04-18	2024-05-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:36:05 Last Seen2024-05-18 08:40:26 Times Seen116 Hash e52b0f59624f8e74a8b3057ff5435c61 2751ea57dea85000a4310b8ce1ed42f128e15669 59024c214314c5b5bf32ca19d50e94e1bdd916c1876a2c3b982dc22bffa98340 Loading...

	1win-cdn.com/js/46719.c1d2eb9c5.js	527 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/46719.c1d2eb9c5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 08:40:26 Times Seen322 Hash 4aed1e3e32871424dc1c549529ea26b8 1d2f8b2c24659b65a6c8fd249b156d8f668d46fa 579590204e7c01d12d85ed9d70750b3260a0212c70a9fdb264bce2a83449721a Loading...

	1wywi.com/	4.9 kB	2024-01-25	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-25 13:18:38 Last Seen2024-05-18 08:40:26 Times Seen235 Hash e39e4e132bab588b54ac8c01ee1cb792 507d529821627dea59889e1d2557482357d13902 26314cf2ae26676e29acce35b798159216131c0d472c11651870d02526f9d210 Loading...

	1win-cdn.com/js/48357.2867badf5.js	9.6 kB	2024-04-26	2024-05-18
Pretty URL 1win-cdn.com/js/48357.2867badf5.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 17:36:09 Last Seen2024-05-18 08:40:25 Times Seen66 Hash 6427c264e7bcd06afdffbb01534234c3 fc59a1bdce2fb3714732cdaa9ade074fc83e6136 2ce78d8f281221794ac114e49290c0b3e24a5d9cfb18b96f0f47c105747147bd Loading...

	1win-cdn.com/js/90206.5caf53dc9.js	12 kB	2024-02-20	2024-05-06
Pretty URL 1win-cdn.com/js/90206.5caf53dc9.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 22:52:50 Last Seen2024-05-06 23:12:04 Times Seen125 Hash 9b6c6ae255b71f876728a060c7a65d30 62487ce812d8cde4b41e55f4322e495288f52c8e 1122edc87ebd6ab526c31112f0eea970aa0a58adf924e3c44791d43be0292291 Loading...

	1win-cdn.com/js/91635.a2db5f817.js	748 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/91635.a2db5f817.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen442 Hash e51646e9aa8ede0120c324fc7f1b980c d15bed4653a73a03424bc09e7746ad922a01579c 902ca682d52d4ae2808e187bbae9b7128712d732d7d5eda4cf1bad017d4f9521 Loading...

	1win-cdn.com/js/90511.4bc374431.js	637 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/90511.4bc374431.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:26 Times Seen446 Hash 453f1fb8f8c37b6c5c54c40e87dd038b d91d34e4b68e63be767a3ce9cd34eaa3dd41172d 52fd79478fc6b3e236a696d22135ed0c09100b9e25ff9bf93fca315d9d4ba1de Loading...

	1win-cdn.com/js/78449.1776bac9f.js	786 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/78449.1776bac9f.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:33 Last Seen2024-05-18 08:40:26 Times Seen453 Hash c9e05b247ec4862225558c72b113350d 7708f2815c38e06b3f5ed4e9c6c98622b69e3f4a ba979bcf79cb56027207dfba2cb71ac9b41ad1f38b55a0977f72091dddaa6486 Loading...

	1wywi.com/	482 B	2024-03-30	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:18 Last Seen2024-05-18 08:40:26 Times Seen130 Hash bc24bbddaf09063aa5f8250aaa64f3d8 293f3dc4dff618fa2ce2cffd58b484ff36b79d63 464c0d2eb75f1905f967d1fc1a4809f063a3085f56f76d231234d78bb28d698f Loading...

	1wywi.com/	270 B	2024-03-30	2024-05-18
Pretty URL 1wywi.com/ IP 190.115.24.78 ASN #59692 IQWeb FZ-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-30 16:44:19 Last Seen2024-05-18 08:40:26 Times Seen127 Hash 289bc12eac8d1333c742852d93dd0e77 931edfd193daa1e31e14e475d0dd467e66a33e19 87cc625c5c98e7a5971dace6ce6fc444053dd92da11a36c62ee5ed3c6f56fcb6 Loading...

	1win-cdn.com/js/chunk-common.9a0de7d23.js	177 kB	2024-05-03	2024-05-05
Pretty URL 1win-cdn.com/js/chunk-common.9a0de7d23.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 19:30:53 Last Seen2024-05-05 20:33:53 Times Seen13 Hash 328167dfc2e2d1c6e591611d2011e76c 46d4715f72e79fb5a56cc8a9218e335a74e2a710 ef431e25f8b3897189cccad3d14a811b800acb943d958d263686352accdaf672 Loading...

	1win-cdn.com/js/33700.8f8589382.js	992 B	2023-12-01	2024-05-18
Pretty URL 1win-cdn.com/js/33700.8f8589382.js IP 154.197.121.128 ASN #328608 Africa-on-Cloud-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-01 05:14:32 Last Seen2024-05-18 08:40:25 Times Seen433 Hash cca468f1fe1bebf60fb88dadcdb78142 a7c820f160c6a07b014972f8aa63e9b38f6b7ec3 0093434135f55115e84e92ac20ecc0af0ff6f9e200cc6cedbbb9d52c3504d678 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0bf001dcdb310567c52654a935c4f92a	80 B	2023-03-26	2024-05-18
Pretty Observations First Seen2023-03-26 10:50:54 Last Seen2024-05-18 08:40:26 Times Seen818 Hash 0bf001dcdb310567c52654a935c4f92a fddc3d16a5af259bcfa6b87a02bde4e3bcdc7109 a3b73a3b1e36d2bfad6fe9530c9c943f28a99cbe84d0674b555d14c3ae26c780 Loading...

HTTP Transactions (257)

URL IP Response Size

1wywi.com/img/logo/main/1win-normal.svg

190.115.24.78

200 OK

1.5 kB

URL GET HTTP/2
1wywi.com/img/logo/main/1win-normal.svg
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1474 bytes)
Hash
0a5e2aff3499f587617337c0add83e72
c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4
a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb

HTTP Headers

GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 08:38:28 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 103828
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Size
33 kB (33064 bytes)
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wywi.com/
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-8128"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=CJdpE7XwlOZ.HK6EBTzqUayu4Q.9t10el7HsDvJUiWw-1714915736-1.0.1.1-mVdLnw9SVixa61nz9TpUrlLvvAcIjBX3IqSKKePcxNMS90yapz2.i9F2XtbS3BkzUwpuenrfxHepl05gAWjCaQ; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113994b44568a-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2

154.197.121.128

200 OK

44 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Size
44 kB (43512 bytes)
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wywi.com/
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-a9f8"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=h2lObxwdjL4YnzvdDUGkjrygkRiDBmxFzdVUtfV4Bvg-1714915736-1.0.1.1-W1UYIwf7VmFRCZgc2FvakpABhhIxmNVg0t.JQPQjqFBOqUBaqC.POmbV95ies0llIcKayehg4xT2xYrUBuIYBg; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113994b46568a-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.84963e685.js

154.197.121.128

200 OK

44 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.84963e685.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
44 kB (43932 bytes)
Hash
6ff1f350f39ad4712da3d7afc7a941da
a18d984f0e08136c726a40ede355c3ff286dddc3
42bf008fe7992d49f0247ffeef4d3d8129140dbccb024ce080dd460663b29f62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.84963e685.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-214ff"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 163498
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139b18ba0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/desktop.84963e685.js

154.197.121.128

200 OK

37 kB

URL GET HTTP/2
1win-cdn.com/js/desktop.84963e685.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
37 kB (37248 bytes)
Hash
be46226621fc2b6eddaa1adf0ef6ebe3
5f5c86f9b145824d6caa2cd5ffaf6b4d5489dc66
128cdb4ff9e7c078bbb3d00d7e5521f76464930251dd74609edc2d99b167fb2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/desktop.84963e685.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-214ff"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 163498
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139bb9200afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket

134.122.54.186

0 B

URL
1win.direct/v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wywi.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Pm02sk9DFgc9oxyqUP0oMg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: MpvFqVIl18ETN3lqAq/5NqwbUE8=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=1371491aca8680b; Path=/; HttpOnly
Upgrade: websocket

1win-cdn.com/js/37061.57ea53f4c.js

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/js/37061.57ea53f4c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
20 kB (20459 bytes)
Hash
360a5df193bed33a254042f182d26d16
d527709ab803f0050beb7b3d6e34090255e1eaff
33811e60ee0d759a2653c1b3ef1ce52ed3a5ee23c798deb72651d72fb5b20325

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407725
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139eeb530afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/

190.115.24.78

200 OK

203 kB

URL User Request GET HTTP/2
1wywi.com/
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
gzip compressed data, from Unix
Size
203 kB (203137 bytes)
Hash
b341010bf34c456413a96a10e3aafff9
ef2d8789b90b09dd6cba69658c668a110bc401b6
5bd24a37e2e3f187e60cfe61cfec67fe3a4bd83b52866ca691b3f5baebbe85ad

HTTP Headers

GET / HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; Domain=.1wywi.com; HttpOnly; Path=/; Expires=Mon, 05-May-2025 13:28:56 GMT
date: Sun, 05 May 2024 13:28:56 GMT
content-type: text/html; charset=utf-8
x-request-id: RP8OxVBoX1zg3haY
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wywi.com
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/present-with-light.bd57fb068-151.png

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Size
5.6 kB (5600 bytes)
Hash
a804ad67f4add53f8c251c2ebc80469d
4108aeab2f7a7c3720885edeb445e6131a383a49
06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-1a4c"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 1371
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fcbe20afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/38209.ce0dbb534.js

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/js/38209.ce0dbb534.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
1.2 kB (1203 bytes)
Hash
0ecf63116fc2f8f751795f095b4ed1a2
cdd4319211e7db60a42acbf788d26ee1c3ec7d91
745d36aab0d0a377becc316d92f28962563407768f8485844612b37b1cd7009f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407725
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fcbe10afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7

142.250.74.168

200 OK

106 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size
106 kB (106334 bytes)
Hash
a3be2c3c40faaf6919997c581b3ee81c
479a939138ca10b374994b99c44e561b01b27b77
7f5215558c91050f313f508bb97a4eea23f38efda99ee2a9453cc7f19222b7a2

HTTP Headers

GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 May 2024 13:28:57 GMT
expires: Sun, 05 May 2024 13:28:57 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 May 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106334
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-vendors.84f8d8042.js

154.197.121.128

200 OK

98 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-vendors.84f8d8042.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
98 kB (97622 bytes)
Hash
f74383d0c367ba3087f44b29965e9448
a02bb19e4b29202da73abc815c4094f3346920d0
1a2b18acf67b829937cb0e95b55f67c0bdee164ff263ec4a1b6060cbb02c3621

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407789
set-cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113994f650afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/index.8bffffec6.js

154.197.121.128

200 OK

108 kB

URL GET HTTP/2
1win-cdn.com/js/index.8bffffec6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
108 kB (108114 bytes)
Hash
fd887a32394d8a6f566f889f8a8699b4
8ceba641f47c480cb369344fb3b3a272ee2f2c98
e1c75283d124c4ab7dca39c81a8c20b88b25f8c29628667f86f767c7c6b7138a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/index.8bffffec6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-336f2"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 165040
set-cookie: __cf_bm=P1tFnJo4PwePmW7FS8Fy0D0jG_XscNy33mTS95gSeFs-1714915736-1.0.1.1-GJLSQaObwFemVtDPtm2tiaQrxCG9yb2wUC1sGe3tQwdJ8QihgxMbL7XYiQDhgAZ1t_3e5j15ixAeIPSYh7xfTQ; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113994f640afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/68410.33fbe7e58.js

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/js/68410.33fbe7e58.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
24 kB (24453 bytes)
Hash
73701bd8e9e68a6a9e5d5d0afdd2074b
efdc192d6b680e6abbc2667be00d156593c5fdf2
b9439c4997c52624a7e1bcaabc24ffd90962b0f3820218af17a6428033d219b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/68410.33fbe7e58.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-e07c"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412079
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f1b720afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/39061.47d3b467c.js

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/js/39061.47d3b467c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
24 kB (23547 bytes)
Hash
268bd16e1b2b580afc137764e058cf1d
19a22ba8d91bee582f056b81831a3c6bc8fc53b5
4453e8834cf0d49c408c9c00ba06e451fbe3d58d1f6223cc6cfd9d7ad8c40fde

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/39061.47d3b467c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-16929"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188409
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139efb5c0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png

172.67.181.254

200 OK

58 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 363 x 429, 8-bit colormap, non-interlaced
Size
58 kB (58091 bytes)
Hash
f5c26decf32eb643468c81ea9dc51585
32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd
05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWNjOTki"
x-request-id: _aNjZdmyrajc8nPHTFr2D
cf-cache-status: HIT
age: 401103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xX7zSOoei4AS4BOJlrRLl7xkUGATy8dbBLiAVP878VNHwsBNx8BOih2DLctlas%2BLlHnkzteAR6GiTZWdpBkrcFOWJiLduwM1BCdukMfVIjgR2OrPDlvdLjOtZVxACQSQTlrP%2FjOgsN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a19d3f569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 600 x 295, 8-bit colormap, non-interlaced
Size
20 kB (19467 bytes)
Hash
b924bd42443557a1ef9d41f043ddf175
a9db601e2941557cba7e3e688390aa43e8411e2e
8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-5414"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a16d560afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
2.0 kB (1996 bytes)
Hash
c4b14463506c40e98e85823cd517331f
5d821101d91753ac90ae7191de1b097c62404a9b
104022a98864ae9c79b770be34a64d99e20c88c19645f80c35801c23431684b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5079
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a0ecf40afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png

172.67.181.254

200 OK

50 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 362 x 429, 8-bit colormap, non-interlaced
Size
50 kB (49865 bytes)
Hash
b0b99e0a3f5f6fc44052e30eae903c63
822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a
e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MzExOTVhLWMyMGQi"
x-request-id: 9_ruTBS0Tkm7jz1RUzGRw
cf-cache-status: HIT
age: 401455
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTAmC3EgOLlQFslk5pOfbLhXuI7ireHuRawb96Xr23TzMwj4xpquHK%2BgDV7fqhrivSs1Bbq2XeNWZZ%2Fr1%2F3maJW6W6jHtDUmI3WADhQSVJUImWbN0ej1TlH5d08ZiNIoFiVZmE2w7nE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a19d45569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png

154.197.121.128

200 OK

5.3 kB

URL GET HTTP/2
1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Size
5.3 kB (5274 bytes)
Hash
911fa68d94dd3f2bc8ceff2671e87bdd
9bca43449cf32e95c62291a802cad6e6c4493025
9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-18d2"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a1dd980afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-home.d21abec30.js

154.197.121.128

200 OK

5.9 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-home.d21abec30.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
5.9 kB (5858 bytes)
Hash
12ab19199acaa4e150727c944b777e44
77585db28bfc3de62b13a1c2daa6795613c769d4
8c9c7aa35267a9013589a781052aa36163a45300331b6f110b71fa39639f27d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-home.d21abec30.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-49ea"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420970
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a16d530afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
3.9 kB (3888 bytes)
Hash
bd11730c197227300ae5e1b00b8cc637
c0e28cfb09642e9402f12f9c6677242ef671de33
2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-116a"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dcc0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png

154.197.121.128

200 OK

27 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
27 kB (27297 bytes)
Hash
9a35699413d56978ea4af6896f0aa16c
c22d50770f376a17d5539919541496a1e1e5a626
396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-744a"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dd00afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/35967.a72ac7974.js

154.197.121.128

200 OK

354 kB

URL GET HTTP/2
1win-cdn.com/js/35967.a72ac7974.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
354 kB (354443 bytes)
Hash
6868d482b1f0f2c8643e3b527532144c
ebba54d2a012f48aa305ce887a394ce1900b59a6
bb2cc28f6407ee09892ce25a089e3747e59a541c1ad797f9c1dd52e343ca2863

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407724
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d620afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png

154.197.121.128

200 OK

16 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
16 kB (15901 bytes)
Hash
2018c59c5dccfaec96873d1ce9a60276
46ad94df758fdb9f0a257d99fcf52314cf5df926
b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-4375"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dd20afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Size
9.4 kB (9422 bytes)
Hash
e46f588febb018229e3c2450c4a3d4f0
4904652973205c308ead578918f7ff5a6a27bf0e
855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d1-28d5"
last-modified: Fri, 03 May 2024 15:33:37 GMT
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a22dd50afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/8653.ed7806659.js

154.197.121.128

200 OK

430 kB

URL GET HTTP/2
1win-cdn.com/js/8653.ed7806659.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
430 kB (430291 bytes)
Hash
61010e56119d5dbeae2efb3663e2bfa6
45ee6c71252b13fb4f5715ac328f0ee7fe25ecc6
fb7f1a071305657ff9503cdd795f40413dce52e1a13f5d2c93f96baef0ebe2b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412078
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d640afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-roulette@2.255074856-256.webp

154.197.121.128

200 OK

720 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
720 kB (719644 bytes)
Hash
344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/webp
content-length: 719644
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dd10afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16852, version 1.0
Size
17 kB (16852 bytes)
Hash
c4f31a30bdf4dbced79fb75fc03111cf
14765799051deb933539e19f1ffa26198cabd4c1
cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-41d4"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=4uEYNFoS2sN_Fs8lX_xu8x9s1DM28p.mcw6jvFb0.eU-1714915738-1.0.1.1-ZzOfLJMX_JWZqKxjsTtJISP1iFVTG3J8FV5q4lnO_TicFyhJCJaV79yl3aWKmi2vsFGwfjHQYFtkYQwCPdP_YA; path=/; expires=Sun, 05-May-24 13:58:58 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a20da3568a-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp

154.197.121.128

200 OK

361 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
361 kB (360930 bytes)
Hash
3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/webp
content-length: 360930
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a22dd80afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
12 kB (12264 bytes)
Hash
45df6c11399190f031e9db37f9f4e785
a8a641e38f707a584b72a5ad5c010e7bbcd7920c
121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/webp
content-length: 12264
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5071
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a2de4f0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/8726.6a357273b.js

154.197.121.128

200 OK

34 kB

URL GET HTTP/2
1win-cdn.com/js/8726.6a357273b.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
34 kB (34328 bytes)
Hash
88b2c2d83a26756ef6a2a3bfe7604ac9
cd07f5f674c546c0c3a6d90cb75f9bc124953322
797d2319240181c35f2a1fae9519428d914bf9d9234abac0817a874e57b72e58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413381
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d5d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif

172.67.181.254

200 OK

6.5 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.5 kB (6537 bytes)
Hash
6eb918cc26ed4d4b3f96d5b031ebdd69
aca2ee56704a569aa16df44cd5420c8bfb31c6f1
3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MmY4NjBmLWNjOTki"
x-request-id: thjwTp6RlW19O_drMhS7L
cf-cache-status: HIT
age: 421554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAUF8K%2Fl%2Fwt%2F%2FXULKrNH%2FDseamAygf3Gu4njiZ7n%2F%2FTKGCRK%2F%2B6Zo46hqWGcnwkikSpfYi4c4kTTSYNYMkB6XklRP8o7EvJrgVEywYHTqQcyN0o0E9u9xqGi7QMwOT1IGfff7tNYYTQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a38f74569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png

154.197.121.128

200 OK

35 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
35 kB (34925 bytes)
Hash
232d05b165c6b0fc9695db490aa71f47
f04ccc74ebd190747114ceeb882d51db8e9268c6
9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-989a"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 3946
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a49fcf0afa-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif

172.67.181.254

200 OK

5.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.3 kB (5298 bytes)
Hash
2644fa31ed595bed0cb922c0c7539272
de9318bf140b0f2ea79f367170734ff434917747
8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MzExOTVhLWMyMGQi"
x-request-id: uUYzSMqbksJzETyQNoHBA
cf-cache-status: HIT
age: 406960
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pU%2Fu%2FOr%2BAo7MLizygnUEowZz%2BAldtE%2F8FL1RD7k2p5I%2BIW0aiV9vDsGiv6sj2Mx4vLFZNnZBko5Cm06RuDP6HbtzgApkGSR4wcdNL4L0ZxTCMatLchEuaZ14tSj6jO1BNjhlwwCj0hk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a508d2569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/casino-mentor.f6b6387ac-172.png

154.197.121.128

200 OK

1.9 kB

URL GET HTTP/2
1win-cdn.com/img/casino-mentor.f6b6387ac-172.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 172 x 50, 8-bit colormap, non-interlaced
Size
1.9 kB (1857 bytes)
Hash
3ec6ec7d9016e953c300249c2af5704f
e7b2ec568a2118a744cdd1fabe6fa8959c637532
135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-7b8"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a5181c0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/betraja.5cf6f15c0-75.png

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/betraja.5cf6f15c0-75.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 75 x 75, 8-bit colormap, non-interlaced
Size
1.1 kB (1054 bytes)
Hash
2840e342f235c6d7d76db654ff6a0edd
8f81dc2954a1e234394d7b284e02742730f25f37
2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-496"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 267
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a5181b0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png

154.197.121.128

200 OK

972 B

URL GET HTTP/2
1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced
Size
972 B (972 bytes)
Hash
d75b75efec83a2230764a8fed9d1dd3e
ee4318789396290da2017d433fe622b9a005aff2
24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-40b"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a5181e0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png

154.197.121.128

200 OK

8.1 kB

URL GET HTTP/2
1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 500 x 500, 8-bit colormap, non-interlaced
Size
8.1 kB (8067 bytes)
Hash
953b3b7e0c94ed3c3af678f19b076c5a
993c897eadbd5f11f4fa712cda067ea633c8e68f
d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-2421"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 267
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a5181f0afa-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
92 kB (91523 bytes)
Hash
97188e30139fc6793e07bd558875d13a
01fde26d773f3f45dc5bdb77a2b371b5d3ed5ff6
df8e8442472952fba6bc889caf5f767ae3c3cba7f41b59ae3564e5a5d6a854bf

HTTP Headers

GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 May 2024 13:28:58 GMT
expires: Sun, 05 May 2024 13:28:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91523
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c

142.250.74.168

200 OK

87 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
87 kB (87447 bytes)
Hash
01d47a0657583a68ca0d41852d397e8a
78a67746b2996622cb2413d5c9aa433bcd3c1b3f
b882d50dc6eb846612a90a1667fe897ef9823eb848fa68916fb49096b10a855c

HTTP Headers

GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 May 2024 13:28:58 GMT
expires: Sun, 05 May 2024 13:28:58 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 May 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c

142.250.74.168

200 OK

74 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
74 kB (73919 bytes)
Hash
c00f71aa3861c8930fdab93b821b713a
754fe3d390a0919ba3adfffa428c2c37d5d414be
fed8ff9da95908852bb5aa17ec5c6faaea2d653346b212fb9fc85adee03d91aa

HTTP Headers

GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 May 2024 13:28:58 GMT
expires: Sun, 05 May 2024 13:28:58 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 May 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73919
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp

154.197.121.128

200 OK

40 kB

URL GET HTTP/2
1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
40 kB (39614 bytes)
Hash
14de8fd7c8de24bb9f6f89ddd3c2d480
9635193c712dafa2c58339dee09588880a96a980
633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/webp
content-length: 39614
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 318
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a649220afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp

154.197.121.128

200 OK

25 kB

URL GET HTTP/2
1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (25292 bytes)
Hash
1f85b44a5305e8928fcae8922301d92a
7ecc0724a7560af7c4debc83014bab875eba685b
660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/webp
content-length: 25292
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 318
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a659230afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/fifa.604717ea7.svg

154.197.121.128

200 OK

54 kB

URL GET HTTP/2
1win-cdn.com/img/fifa.604717ea7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
54 kB (54243 bytes)
Hash
d2ef39337b26388a7efde6373d2da229
ed6acf33106fc11b38e9ec3601472385556bbe43
9fc1ec196b92ca384c05dfb77b37768644aa45ccf2c8ba94180960b1479375ea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a4afd70afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif

172.67.181.254

200 OK

6.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.3 kB (6321 bytes)
Hash
049927e2f79d1b3f7c0db06be6378930
bc6a9c76a5027d6e63381bb7cf0ff70068d06792
8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 406957
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUUnRyi%2FL5HdcjS68TlrmxQomRxf%2BKiS1pusznh9JF6or7DuxCcdTBDtvLeXAgnez9Egpcu82r%2BB2N5lAruij9sVddVQAycdw9KPH7M65mavMe7iUtaRO2xMxBTdomk8YO6kSbDoo3E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a74b24569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif

172.67.181.254

200 OK

6.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.1 kB (6121 bytes)
Hash
172757f78e8e2026f280f94f4d032035
17cea3940511dbbbb5077e78e28ddadef3090931
f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 417320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHW77aQUv6H%2FxjU9tKMeu5tJNRcM8ewSAJ5bqmt8mbtg4eRVYTWTFeWicieVIuTqw%2FES%2BfIg5W6xYULR1wIgYhF6hF2ntVjeefQNCbhaOYCjUGDxD3KE3J0OnPyk1pXdMjVW7svZ4BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a74b28569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/48357.2867badf5.js

154.197.121.128

200 OK

8.5 kB

URL GET HTTP/2
1win-cdn.com/js/48357.2867badf5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
8.5 kB (8519 bytes)
Hash
0f30bdf677ad2e7e3c3d5aacc2bd2d72
29286c6935c9f94f3ed511c0e5a1de7ee1576f3f
f0bbfebe2162fbabe5c739ef60ac15b66201093557714efa00607035345c3515

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48357.2867badf5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-256e"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188615
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f0b610afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/common/title?path=bets&lang=en

190.115.24.78

200 OK

6.8 kB

URL GET HTTP/2
1wywi.com/common/title?path=bets&lang=en
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
gzip compressed data, from Unix
Size
6.8 kB (6808 bytes)
Hash
22810ffee54dea4af6761d16e64babb9
23e218465e512faa3b7eaef0fb927092254898af
7efb7e9a59455a57494abca55ece723f00d96fda9cb211df9fbf12c9f9d23eae

HTTP Headers

GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; visit_domain=1wywi.com; core-sticky=http://10.233.94.251:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiNjA0NmYzMy00MDIzLTQwNjAtODI2Ni0wNDIzMjMwZGFlNGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0OTE1NzM3MTE4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDkxNTczNzE1MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: ddos-guard
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/max%20win%20gaming.00fa88483.svg

154.197.121.128

200 OK

9.8 kB

URL GET HTTP/2
1win-cdn.com/img/max%20win%20gaming.00fa88483.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
9.8 kB (9786 bytes)
Hash
3f4bcc8e2810e5998f47764c04daf659
50bc5a57bde5743f79b69a656509b76f9094316e
d3b0e381f446d665a0af01677857e7b1e5df16e539d6a8695129c02b4300e78b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a98c010afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/nolimit%20city.5b7440267.svg

154.197.121.128

200 OK

6.7 kB

URL GET HTTP/2
1win-cdn.com/img/nolimit%20city.5b7440267.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
6.7 kB (6744 bytes)
Hash
7b2fb713176f4be2971ebd0188776fa9
8501b9d3b7ff198e25eb0461cd87b2f6f3dadafd
e8b88aac1b70856fe5bd1ff9c5badf0205fdb6abf2321a73055b0786610d673f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a99c130afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/apollo%20play.610da8846.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
1win-cdn.com/img/apollo%20play.610da8846.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
14 kB (13922 bytes)
Hash
307342d921bdcb3441c7022aef8bc6d4
39069ce1ac3fbe98c9f5b51fd6b7396aab5b0047
62a5483a80a53e5e1aad144ff19d5d61ce741205ea9b753117c009ed0b1028d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7fac30afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/78449.1776bac9f.js

154.197.121.128

200 OK

21 kB

URL GET HTTP/2
1win-cdn.com/js/78449.1776bac9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
21 kB (21200 bytes)
Hash
cd7339a063ad1ec3e7e1fc5b9e6125a9
70692149cab27e3efecf28b629b7709bb08a1d05
4717d336446d14fda02290e274e023af3007e9194604eeedb303997ccd29c516

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412843
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7da9e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/apparat.f7a706d8e.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/apparat.f7a706d8e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
12 kB (11612 bytes)
Hash
2175c45a651c4d635fc96f9fcfe43337
bffa905baae6215265040809ec8c39a11980ed4c
1c6cf6b23b0db5b878012b3bd7deafa7505451cb9646fc452aa4310267348de9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a80ac50afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/swintt.7c851d380.svg

154.197.121.128

200 OK

8.7 kB

URL GET HTTP/2
1win-cdn.com/img/swintt.7c851d380.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
8.7 kB (8688 bytes)
Hash
df4888609cc77876939e18b4d8c662ee
825f25dc417d3632cb99f4b38935d72c150f398a
80d2932dbc201a540b266f6077e98e25f753f8f3059fb3fa10d0f075d8eabeec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa3cda0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/endorphina.20b721ba6.svg

154.197.121.128

200 OK

17 kB

URL GET HTTP/2
1win-cdn.com/img/endorphina.20b721ba6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
17 kB (16956 bytes)
Hash
e95e3a50413d22a7247c14c36e7f68b9
5f49fa208fb102a46f4bd15627e22e1f3238efd1
c2a2c258becfec81edbeb216bb07bd2f0d2049e9cdb65e279a1aa69d65cec307

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8cb680afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cyberslots.988fdd12e.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/cyberslots.988fdd12e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
13 kB (12836 bytes)
Hash
44cc1abf9f3a02460fe53a452317126e
96ee18f033c2d2dbce1994edaab872889ab5fe68
46b4dceda26349f1e68eb2b9825d02af3ad7c9b035b523f14bcd55e40ab12400

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a89b350afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/agt.893343a61.svg

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/img/agt.893343a61.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
20 kB (19502 bytes)
Hash
a2f1e6e33fabf6b77a492311d510d10a
cfbe47022e14220f772c739aa9678da6b08df771
8735d8a3a6282fdccb49830abbbfd00aed585421ed2dff35b5dd2ee437c9be54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 100
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7ca9b0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/retrogames.bb592a878.svg

154.197.121.128

200 OK

9.9 kB

URL GET HTTP/2
1win-cdn.com/img/retrogames.bb592a878.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
9.9 kB (9898 bytes)
Hash
216d5a802ac86ecd177dd7f80d09c0f0
9aa195deb8e3c0637ff83d6b700a06d1681763d5
59c98230315a4224e51fc45c8a7ff623ef7ad752fa36bcde401d7bae60d5e2d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec9a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/amusnet%20interactive.428b45c71.svg

154.197.121.128

200 OK

10 kB

URL GET HTTP/2
1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
10 kB (10079 bytes)
Hash
d3dd483319354bafe26ccf899aa8c9b3
dee0b665837370faec533fa04a5717999cdc2f1e
46b4be1826400a7b2bbe504b1df4d7eb3d1e35ea7050ef86a841f5d906511373

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2891
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7eab00afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
24 kB (24065 bytes)
Hash
b0000ab1d0711264af29ced45da0c316
f1f9dd9e983f314e649cbef6c80e7219846da8c6
4828d3f5d53a6ec2b2ee943a1cd8f423c0a145c5653dae9e467a0940cfe149bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7ca990afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif

172.67.181.254

200 OK

11 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
11 kB (10793 bytes)
Hash
69589818044ff973aa67c696e7e394fd
0f03ad92c7eb38789b111436be2e733faad871a4
11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FCO3Nx3ORRisxgeMibv8AxoWgqECIvnxqbxf6jjCrQ8fejzFRVx3S%2B6enGWd%2BzWcrySB4lAgIWBovn%2B2u8fJFuxRVcicy8GIHNuJsYfA%2Fd00gXITzDT9ExsjW23r%2FqnOEQCQG%2BNaE4Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe802569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif

172.67.181.254

200 OK

5.0 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.0 kB (5004 bytes)
Hash
3c7a3851260b12a9627faa9016f3ce1f
9df4442c906d9741c13ef21ed9eefb5f99d044c5
8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 421554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MjRaCLIDYAfSedqan7EmnD3bvZlCD7HuCNn12cEcDlftvP3SR%2Bwy9MU3Oaz20gahdGgHEREywjGa4eBfbLWxoz%2FbC3QqAHO3Gvn9HzHB%2Fnt4YhPs7n%2BdwCX3%2Be0m5hPMcB6zwY5yzdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe805569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif

172.67.181.254

200 OK

6.0 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.0 kB (5951 bytes)
Hash
45ccd50f5dfaf7808c6795422417f214
38499698cec05af36aa2bc0e390952e400486003
50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
x-request-id: vlwtQiswla1uj5KnUB_aU
cf-cache-status: HIT
age: 406957
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FGmVmqI8CoHl8Y7lvfxhpSKiQfqXaNayJjzUT2VQRaAUsIDe50Mx%2BFcpMjw7FFV46UPhhk0jd9ziVd6siXJeBbFL1TMz0Ze6PNzc7uAdYN3PVJ0vdRFNDUfPfBIfxsHYfETjov2YLj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe804569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif

172.67.181.254

200 OK

4.7 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
4.7 kB (4683 bytes)
Hash
4e85a0bde3faf39a0eb79d1afbf94a3c
bfda6edfa14599e73e5a8096ae707b7355fb9d2f
fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
x-request-id: SDhj3o6iI09jSaV1xC7zB
cf-cache-status: HIT
age: 412862
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0OEtxBhHYfNIhj8vHL2miEGPHZ632bwMETIPsiSwtuxpRpmnbOq%2FOUqZTOqL2JQTbcFJkH%2Bm1pQj%2FbS55vprxMJscuOLVdG6VmuF0IzHowodqOHHQegexAjfNsUmTVnSEkwRCccTiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe80e569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif

172.67.181.254

200 OK

6.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.6 kB (6634 bytes)
Hash
e96a71a5fe56033b87ca3809fb4fab55
22b9068fece941bf32a6e67885ea41fd70233ac6
e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 421554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YObATt%2FQPbSg1GoXSguI2IhtM4g6l4xOu%2FYclPWHEWZhWliZf8tBrk1ijAH58i7dCvp5c6OkcGhPa%2BfQ24SEywKwJn6rlh5pUgjXpwPoD5WelXVfGvDlOdDjhKxRS0orHVYVM3ATHIE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe814569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif

172.67.181.254

200 OK

7.5 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.5 kB (7460 bytes)
Hash
91cb93c7b3bcfdaf5be22dd889c68647
20c0af4b44bfe11283e15f237fa8c762a10d4711
c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0a89dGv5t%2BgIUVDxL0qxWwI70xw6b4NWkgEpE6%2BGGExCJAzw28trqCrh5xExHA4EcwkL6OiPScyf72MdTgUYFJSpBEO16%2FNyWnamNAjIB%2FlO5VTYBqFioJU1M7bYMEVD6MJgbpkFDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe815569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif

172.67.181.254

200 OK

8.2 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.2 kB (8152 bytes)
Hash
4690a4b61d201902c45336db8106dff9
939591a5793aa03ab3071614e332b2b9d25e4c27
26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
x-request-id: CuQxJIWN1LOaM0eYxzpAe
cf-cache-status: HIT
age: 412080
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWkok9d1a%2FlXKPBHM4rbeapSz23jPN5Y8cdqOn3rtEmoZFN61Cv1%2BZJ%2F6JY7moGjtUEXk28QH4fs9NLVds1HevKhJe2XXv9h0sbPdb22Cra9%2FHC%2FxqqTrp9LYgd44sc6lRm%2FdozV5io%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abf818569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/48430.9af74daeb.js

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/js/48430.9af74daeb.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
11 kB (11007 bytes)
Hash
5c784ed382a023680ffc448b72aad4c9
69c51aca325de2ae07768d72fafc8afb7747e443
e16352214e5cfdfcd2671d4fd37bc4a47d26f21cae704ba6c0a593902731b60b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412078
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139febff0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif

172.67.181.254

200 OK

9.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.3 kB (9286 bytes)
Hash
0f8864e9375258e414b04c6732d13b3b
e5577d640e162a5d812d94c60bf9d8aa2ef0dd46
2f41e33d30919a1521364450bb1e867a1f7851f25f7ec18b0325fc51f123793e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 9286
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6dd9f4c-282a-4040-8fcc-256b4d959834.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NWY0Y2IzLTIzZDY3Ig"
x-request-id: ocH5-jbdxAxetP0OmPcPA
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRim%2BKmkTNfly4qaZELIvrPUdoVjLny%2FzyCfboI1kPUyptwIEzzn7E1sq8cTu9%2FPbOyeVyBtN9tHMWnjZg18sFzvB0R40MguM2kJafye%2BfHZ7VIYHFX13O62IQ3vTMp8blPpzAI1JC4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abf81b569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/91217.fc8dbcaea.js

154.197.121.128

200 OK

8.4 kB

URL GET HTTP/2
1win-cdn.com/js/91217.fc8dbcaea.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
8.4 kB (8411 bytes)
Hash
205a478427f777b3f0672ca2e395028a
720cc00a64a9968ad05691c7df101327e4cd559f
c33365fb24881d8cb45da3900e2c2768086539ae222a1a08ec3d93750b9a47cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 406959
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fbbce0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif

172.67.181.254

200 OK

9.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.4 kB (9433 bytes)
Hash
7eb2cba4654091d306b65c6fe0a8f631
e1a4eecb3f5db01aa2774cf811e3c2cda95f426b
ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 421554
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l4Iwr%2FLtruRXLK098VADaSbXoqVpW7zOXqVowVQHH6jIHwszwLL5UAZUXhHsYSY%2FFT7BN05ownMQNjHdFTg2KqXWKLQJtxtxBnk%2FtE%2BNBXTHTtQSsisMQvwOyqsfjax99tauded6ucg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abf822569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif

172.67.181.254

200 OK

5.0 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.0 kB (4967 bytes)
Hash
4ed163b7295ee97d380351dd868d4216
6987db5ad9f1b684e98e657aacb7dd38706e6a34
f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 417729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7LHpWE9Y73qChNZ4xgwoibLg%2FbIwZCwW3F4CHd1xbAaiS7od%2BBgrd6xbk%2F9GJ4IcMUrijMq2BnqnfVszLvS1eShWDnUpRUOD7gC%2FvwVRi4En9gaGWHkVjboqhL4GjDVfmfMBtLjEhYs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abe80c569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png

143.204.42.156

200 OK

3.9 kB

URL GET HTTP/2
d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png
IP
143.204.42.156:443
ASN
#16509 AMAZON-02

Requested by
https://1wywi.com/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 124 x 48, 8-bit colormap, non-interlaced
Size
3.9 kB (3884 bytes)
Hash
3219393f1efd01cf2db20820dff57cf2
ebdbcf916084a0d5a70680021d269680e9f41d41
8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06

HTTP Headers

GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3884
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 04 May 2024 19:07:17 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: jEqYiALWtD2c9vz_e-Q79T74Y_FC-NVoGKyBiAcdVVp6RI58Gu7zGw==
age: 66103
X-Firefox-Spdy: h2

1win-cdn.com/js/91635.a2db5f817.js

154.197.121.128

200 OK

29 kB

URL GET HTTP/2
1win-cdn.com/js/91635.a2db5f817.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
29 kB (29367 bytes)
Hash
db7cef79e3cd71b9f31f1045693d40ea
e72a82269a1a50991cd96288714a3082eed4ce3f
2e2b8ba9d77c71de90cb49d8ad08732db7c6d0f043af18d9fd3d65fa36f856c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412078
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fcbdf0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win%20games.9b8574150.svg

154.197.121.128

200 OK

42 kB

URL GET HTTP/2
1win-cdn.com/img/1win%20games.9b8574150.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
42 kB (41911 bytes)
Hash
03817eb3e6ce9b99f2bd2c78da952961
8ad5ee7d11c308840b8ee2432aaa6bc9a1eda7cc
e262e86de67fd38eaa86f1cb429f3b2e1cc3c5b37ee8f424f5af0e85c407a6aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 100
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a6b9740afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.35

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 300768
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=915493815.1714915740&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1893722343

172.217.21.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=915493815.1714915740&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1893722343
IP
172.217.21.163:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97
ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=915493815.1714915740&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1893722343 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 May 2024 13:28:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/ct%20interactive.74b20dbc3.svg

154.197.121.128

200 OK

6.1 kB

URL GET HTTP/2
1win-cdn.com/img/ct%20interactive.74b20dbc3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
6.1 kB (6060 bytes)
Hash
abd4833a63631248be87db89aae1aecb
ce5f6afaa34f4863df3393c53dac1ad0bc8068c2
48c610380eb1b8fa4012a80c1845e10ee7e826f3bbb7b389750c91ffa69dae83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a89b310afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=8746

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=8746
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=8746 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wywi.com
date: Sun, 05 May 2024 13:29:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/bonus.75b0226c8-1320.webp

154.197.121.128

200 OK

48 kB

URL GET HTTP/2
1win-cdn.com/img/bonus.75b0226c8-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47824 bytes)
Hash
8c760c7064f0128ae142377fd17b2a06
edfcaffb6cd42075bfecedd2153fd44764d69df7
32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:29:17 GMT
content-type: image/webp
content-length: 47824
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: REVALIDATED
expires: Sun, 05 May 2024 17:29:17 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1141a2e040afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp

154.197.121.128

200 OK

48 kB

URL GET HTTP/2
1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Size
48 kB (47816 bytes)
Hash
5495ba7e07dc7a05a6008b8585bca92b
f8dadc060dcf17862805f72d7815c9b9b119375e
570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:29:17 GMT
content-type: image/webp
content-length: 47816
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: REVALIDATED
expires: Sun, 05 May 2024 17:29:17 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1141a1e020afa-OSL
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=26217

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=26217
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=26217 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wywi.com
date: Sun, 05 May 2024 13:29:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

location.services.mozilla.com/v1/country?key=no-mozilla-api-key

52.24.210.222

48 B

URL
location.services.mozilla.com/v1/country?key=no-mozilla-api-key
IP
52.24.210.222:0
ASN
#16509 AMAZON-02

File type
JSON text data
Size
48 B (48 bytes)
Hash
94bc553225a6cddab963f4053273b388
57ffc8bd333dfe0bf3a05a5945ee15f9c15b0672
977bc9f6239939e6e0a2682325098f1bf0109e1450f040536670acf0f8798cb6

HTTP Headers

GET /v1/country?key=no-mozilla-api-key HTTP/1.1
Host: location.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none'; report-uri /__cspreport__
Content-Type: application/json
Date: Sun, 05 May 2024 13:29:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Length: 48
Connection: keep-alive

1win-cdn.com/img/cool%20games.019d15340.svg

154.197.121.128

200 OK

346 kB

URL GET HTTP/2
1win-cdn.com/img/cool%20games.019d15340.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
gzip compressed data, from Unix
Size
346 kB (345592 bytes)
Hash
af9fe8820dc5f5db14022baf8d9d9c13
dd784dc80b5d7d13817e2f64da4209ec8d70b697
4e55b81f5192cc7e36a022d05e3f6ecedae7f88fea8d92e3f1ded12a69af1549

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a88b270afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png

188.114.96.1

688 kB

URL
static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1508 x 484, 8-bit/color RGB, non-interlaced
Size
688 kB (687886 bytes)
Hash
77ba95ad8ddaa7f3daa66a219bb6cfa2
ec691214380c50d53169cf50a5df33224ddfea98
6ead41def293f3004e67e4101523c17c691a41b7b42fbdf58dfb1687101628bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:29:25 GMT
content-type: image/png
content-length: 687886
last-modified: Tue, 13 Feb 2024 22:30:34 GMT
etag: "65cbed8a-a7f0e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6655
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2B4IH6%2Bd08P0Rfrsnw%2Bj65d907ixcAIkkwkfQOrWujV%2BEzNzL800afHFXtgDr4r4lV%2F%2FgUfL9%2BPB4KrwPPPIwhJ4HimX195R18OeN12aAPyofC8fyrsX%2FiqsO2VJoLiJTAqYNdCl%2FSX6YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1144f9b4156bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=4&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=32545

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=4&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=32545
IP
216.239.34.36:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=4&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wywi.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wywi.com&tfd=32545 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1wywi.com
date: Sun, 05 May 2024 13:29:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

1win-cdn.com/img/slotmill.c42ddd447.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/slotmill.c42ddd447.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13075 bytes)
Hash
39d48e4b982998cd10417bd09dcc0afc
541c60c508d7777db2cd0e49c18cf32219532dd8
3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa1cbb0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp

154.197.121.128

200 OK

430 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
430 kB (429680 bytes)
Hash
abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/webp
content-length: 429680
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dd30afa-OSL
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif

172.67.181.254

200 OK

5.6 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.6 kB (5627 bytes)
Hash
baf3f199ffdfb682bbcd9d3837e517c0
3803d7a122952937942ab92c0724af229c4f2dfe
2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 421553
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVAcf6qm3pfA%2FBGLL%2Bt8xiC3oO8awWY7lLzBi%2Fb4WiBt5B6Qf1akWv41RIpL4i0ZMFDVGJadfzksojYrgXShxgsZ6b4%2BzZz4gE6joKc3QkIcviEB%2F%2FYxPy2A77mjr78X0rZidF6VXk8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a74b2a569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/oryx.ddc50c514.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/oryx.ddc50c514.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1367 bytes)
Hash
be6fe09456c38389975b47be1d6e664c
aa63088e5bb8604d301bf747e760f3fbb47cca9d
f8822aadbf4cdec8d633d4b6e8e4928dde87a143cf57d6d9f018ffe50809f1b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ac3a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1023 bytes)
Hash
923ec09a017c369d475682b8b60fe652
f2a4cf5f06644b65bb3df522652a41a2b09c2aa9
7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a518200afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pg%20soft.fdb9d6567.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/pg%20soft.fdb9d6567.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1440 bytes)
Hash
71eb5806fcdd473839d2654d03c3fd5e
76a63507f2c2a26ffc343182aaa5d3278197ab88
dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9cc6a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playbro.9ed310f23.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/playbro.9ed310f23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4839 bytes)
Hash
221b773f0eb73aa28f7617e628f7fc2f
67e3b29f4a951351da5183dd7d6e083fbc991322
4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9cc860afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif

172.67.181.254

200 OK

8.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.1 kB (8133 bytes)
Hash
0e5690478eedfa1df868b3925ae7765f
2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7
efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: wIvVBE6Ca87qQK-_rWGwc
cf-cache-status: HIT
age: 417729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BC1cgT0ltMkqM4gbpdqDJ6CxhOlkL5Tupno9ZStA47U2q5%2BjMFXnPuZcCCu3eNdLIr83pJnIMuRaJufoOD92ddpImDc7RbmG73jSgNf%2FIRsuF0Ca%2BwWDXghH%2FWDWLEnxISTk0oHDK3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafeec569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/28852.501b5fba6.js

154.197.121.128

200 OK

906 B

URL GET HTTP/2
1win-cdn.com/js/28852.501b5fba6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (924), with no line terminators
Size
906 B (906 bytes)
Hash
f97751384d582a6e650b35ebe9d32479
e545afff49a2a354c28392833508fd88ebaa4875
1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413381
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fec0a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/barbara%20bang.790acb7dc.svg

154.197.121.128

200 OK

27 kB

URL GET HTTP/2
1win-cdn.com/img/barbara%20bang.790acb7dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
27 kB (26842 bytes)
Hash
287d95b42ce0b42532a5c8caff190779
6d6b4d0d17c558215c719336d124ba53a7118083
739c17db57dc727e751e65cf1d4aed12fb371a1e40060a3b22c92e630219e945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5412
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a80acf0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/lucky-jet.f927485da.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
1win-cdn.com/img/lucky-jet.f927485da.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3981 bytes)
Hash
46387a9ff4a17ec246107df243120bfb
f662dcb3e5629d8b9dcd169f73e31f95309bda40
b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5079
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a0dcec0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js

154.197.121.128

200 OK

121 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
121 kB (121043 bytes)
Hash
3db61399d0d4c57b17b5a337d59e3f0e
9312e9b832f7c0cc755c7c8b867986babdac8628
876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417707
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a1ad7b0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsoft.cc500155f.svg

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/betsoft.cc500155f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.7 kB (4742 bytes)
Hash
fa91200f1738243c9a1bf9ebf853c238
43a438416c285aaf55c7f2edb2676616ffa0c838
9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a83aee0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/chunk-common.9a0de7d23.js

154.197.121.128

200 OK

177 kB

URL GET HTTP/2
1win-cdn.com/js/chunk-common.9a0de7d23.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
177 kB (177178 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-common.9a0de7d23.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-2b41a"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188681
set-cookie: __cf_bm=Ouw2MoikRQUV79hdKbHOP3Y2ucQ100GfLoaOlI73U8A-1714915736-1.0.1.1-ZtCmMgwUHz4gtfXzW3vL3ScNNKO5eaa2.RSrf172lCiD4cDMuQTR2Cn8rHsahIbqLht7Myo0Fh1Y_RMsUgGK6w; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113994f620afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/58258.98332d90c.js

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
1win-cdn.com/js/58258.98332d90c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2724), with no line terminators
Size
2.7 kB (2700 bytes)
Hash
8692e36ae40202509fcf29c9029676f1
7709e6929dc63ac467d0bd948268795fbec2181b
b1ec5aac00e643db59f10336f15e83163d7840bcb12bf70938dea4ab61993b26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413381
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d630afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif

172.67.181.254

200 OK

5.1 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.1 kB (5097 bytes)
Hash
78c35d95a329313abe507e5fd846f7b7
31fb39c006cc6629f8e0c3041eb47bd3e07c4eec
0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 412079
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ogMGoKa1D3ZvwJZayqdPBza9hJZTyUahqcCEemJvanHxqEYqRvt4LWlkUYKHY5F01WDNCsCkyr3dbz1MQsfE1FqOb19kXUJ%2FWvpF2OT8YsmmCz46BI8E6VqRywxooPEDW7dpmyBQJzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a74b2e569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/netgame.8e28ed366.svg

154.197.121.128

200 OK

2.9 kB

URL GET HTTP/2
1win-cdn.com/img/netgame.8e28ed366.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2917 bytes)
Hash
f7a27f15353cbc6d80464cb321e6f7cd
8e9d03da3c5f00a3a228b545cb8759e837059323
c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4811
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a98c100afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/86359.48c462178.js

154.197.121.128

200 OK

634 B

URL GET HTTP/2
1win-cdn.com/js/86359.48c462178.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators
Size
634 B (634 bytes)
Hash
33a83c5ac34b557d3037a52c8dead1fe
6bd3202d3720d8c86a84a63f1975b5d53d044ef9
7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 406959
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fdbfb0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg

154.197.121.128

200 OK

19 kB

URL GET HTTP/2
1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (19124 bytes)
Hash
6cc20c3ddeede7970b09582754e1fe3e
343b04db5d2d9bc03ccdbbe914c61b2a41245ba6
11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6973
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a508160afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/genii.367222bbe.svg

154.197.121.128

200 OK

3.8 kB

URL GET HTTP/2
1win-cdn.com/img/genii.367222bbe.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3789 bytes)
Hash
237593257bbdb3559e06330cf7e76c54
c3e1a90bb3397fff3428fdd71d2a4d7df74ea164
2b84c2a6e55531b52b615ebaba90cd7bb757fe1399e901927b4aba9f1718b097

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a92bb60afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/netent.95417a961.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/netent.95417a961.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1015 bytes)
Hash
24c2a93da817e20deb8796b20655510d
e0e0acc2a55fd9623907272dac8f96c8f30360c6
01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a98c0e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/superlotto.0b2069aeb.svg

154.197.121.128

200 OK

7.0 kB

URL GET HTTP/2
1win-cdn.com/img/superlotto.0b2069aeb.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.0 kB (6997 bytes)
Hash
128046b1d7f6f312cc287763f0c22336
4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1
8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa3cd70afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/wta.c6d5e2ef3.svg

154.197.121.128

200 OK

3.3 kB

URL GET HTTP/2
1win-cdn.com/img/wta.c6d5e2ef3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3332 bytes)
Hash
040d7f0a9e965031fe2520530582a5d3
015a448fc7cbd8ca0b74360915ee71513921dbc1
fac8ba2fc8936b7a7f9faf5e0f94031ec8ad096c8094f026fc5fb67d5b2bff59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a49fd20afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fazi.19d7f4b72.svg

154.197.121.128

200 OK

645 B

URL GET HTTP/2
1win-cdn.com/img/fazi.19d7f4b72.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
645 B (645 bytes)
Hash
c2948d97afb6d8e1cf8e7b50b62a9272
a1607553e252407e35addae9b48c1cedfeebd048
309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8eb8d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/ru.svg

154.197.121.128

200 OK

272 B

URL GET HTTP/2
1win-cdn.com/img/flags/ru.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
272 B (272 bytes)
Hash
1e2eacb55168e45f6bbdbfc284e0b55b
0de213a0e24d44e6224f44df56a5f8abc494a6bb
a753be656b537e9622f95996dd87e012d7e9daa74511a6465dea7023782d6dc7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4081
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abde3f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/57552.ee60d28a1.js

154.197.121.128

200 OK

75 kB

URL GET HTTP/2
1win-cdn.com/js/57552.ee60d28a1.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
75 kB (75307 bytes)
Hash
3640868f35b73089eee8ce1f80955ad1
80e813108a8b082c210e8139451264d1e45bf4be
a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57552.ee60d28a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1262b"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417707
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139efb590afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderkick.6962312e1.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/thunderkick.6962312e1.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
ee06089b308c5065a8e92a32b7b38686
2e83ac75ceb109c245525a733cfb3efc97cc42bd
24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa5ce90afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif

172.67.181.254

200 OK

8.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.3 kB (8337 bytes)
Hash
9867f5ddac7eff5f2fd88dfdec8fd493
6ea9a242437fe23c61e09a00030ae3eee78d3cd1
2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
x-request-id: I85TlysGV19zGB3VN3wxj
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JM720td5kIKGa2P0LgZVcSmXlgn5Cnp%2FVq9ZW5iote4k4Z%2BFF1fLhxfism9BGoI6EBVQKQ4I1%2Fp%2Bg7c41IJEUm%2BO11JtQbQ3I7Vxf7zPB8%2FRY3qgsTzG%2FVYjM8i3PGomHcCInINc4Ak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafef8569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/css/index.fd224ee8e.css

154.197.121.128

200 OK

6.2 kB

URL GET HTTP/2
1win-cdn.com/css/index.fd224ee8e.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (6186), with no line terminators
Size
6.2 kB (6179 bytes)
Hash
c218042c31114bc4c7a311d8b19cb43e
c6e84556a091c219daf13d98091e46a6623b7b5d
d9600b9cedc5ef763fc5d021974dede1a25f1449d2b42d496044932ed716edf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420971
set-cookie: __cf_bm=urkAZsR6mcFuWB_AlaRoSnzQ0y9NRahuQnnZ3YYXUpk-1714915736-1.0.1.1-MNA9x97wxSGdEkzBGvBMZKtsptDxsflKAthTUFx_NMS8hivQmv_Ro.k.JfYYjWXVXElCNOgwCcac.iYQLXTTHA; path=/; expires=Sun, 05-May-24 13:58:56 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113995f670afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/90511.4bc374431.js

154.197.121.128

200 OK

637 B

URL GET HTTP/2
1win-cdn.com/js/90511.4bc374431.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators
Size
637 B (637 bytes)
Hash
a148eff943a30bc50c489b0cf73349ca
757f5c140878aca4fd1e3c8936e54f6abe59f95f
ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407302
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a16d4f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-casino.fd47961dc.js

154.197.121.128

200 OK

91 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-casino.fd47961dc.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (91385 bytes)
Hash
caf103b3719cd36e18dd18439deac2fe
b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3
4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417663
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a75a100afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fugaso.1a40d61ad.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/fugaso.1a40d61ad.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2385 bytes)
Hash
fbe83afa72fe7a858d1fcd467a7e3acb
5dc85aabeac449d7287662a7b6ffe2936e447b84
21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4811
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8fb930afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/mancala%20gaming.441ae5f23.svg

154.197.121.128

200 OK

3.2 kB

URL GET HTTP/2
1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.2 kB (3216 bytes)
Hash
fecafa12f578f5ced554ed31aba5c852
7e1f6f044c0508f11d1c5a58a41c3d1423bd7069
77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5413
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a97bfa0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/silverback.297288e25.svg

154.197.121.128

200 OK

42 kB

URL GET HTTP/2
1win-cdn.com/img/silverback.297288e25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
42 kB (41693 bytes)
Hash
2910b9f6ba7f900a0246432d2777b217
86b09b58a3eb69c70f175e577cfefd4efe1dfa0c
b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9fca80afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif

172.67.181.254

200 OK

9.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.3 kB (9300 bytes)
Hash
19ea6dc62a4b1d3b87a9940660698dd1
8c3052c6f52d60b40824437d282619e91034db7a
37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 417732
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CaFo%2BRTolFWq%2B1QdKjIxh6IbFieSzmCR5GGJWeTKmLERuoe16VS4fcutYK11cd%2B6%2FSLCM5i96BXCAhOakZntrqogZL9afzbZzOCiPmWO1AgGE68Tk1QxPGywvVcPuuNl8Tkyh6uI3Ak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafeea569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/igrosoft.69f8e3ca4.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/img/igrosoft.69f8e3ca4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1280 bytes)
Hash
c193a82075a3318b6b01f6652548e025
008409af9a242969c8c0205fc8052d17b61410b3
71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a94bc90afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/upgaming.242b9e921.svg

154.197.121.128

200 OK

4.8 kB

URL GET HTTP/2
1win-cdn.com/img/upgaming.242b9e921.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.8 kB (4764 bytes)
Hash
aeb4cc1caa82c4f55b3598ea0c7003fd
8c1eec585578ba1c3803b2d6b724d67cb8e3de25
236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa6d0a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/desktop.ce19676b9.css

154.197.121.128

200 OK

74 kB

URL GET HTTP/2
1win-cdn.com/css/desktop.ce19676b9.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (74198 bytes)
Hash
7ccddbf87de59dd21244d8912c0a6893
1158dca7d9aa8817fae573a25ecf4c8be6b513a6
55f9a6a47127fab3ab7e8c9ccbae03aa63992b4010583731ab171e22942fb3f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/desktop.ce19676b9.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-121d6"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 412078
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139b18bb0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win.direct/v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket

134.122.54.186

101 Switching Protocols

0 B

URL GET HTTP/1.1
1win.direct/v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket
IP
134.122.54.186:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject*.1win.direct
Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27
ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v4/socket.io/?Language=en&xorigin=1wywi.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wywi.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Pm02sk9DFgc9oxyqUP0oMg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: MpvFqVIl18ETN3lqAq/5NqwbUE8=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=1371491aca8680b; Path=/; HttpOnly
Upgrade: websocket

1wywi.com/img/icons/favicon-16x16-darkmode.png

190.115.24.78

200 OK

344 B

URL GET HTTP/2
1wywi.com/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
344 B (344 bytes)
Hash
55101f46ace081073c98f0d75229ae94
384e813b0f35437de99eb269c7d5c76479e20886
e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f

HTTP Headers

GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; visit_domain=1wywi.com; core-sticky=http://10.233.94.251:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 05 May 2024 09:50:01 GMT
content-type: image/png
content-length: 344
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: "663503d2-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 13135
ddg-cache-status: HIT
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif

172.67.181.254

200 OK

9.9 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
9.9 kB (9892 bytes)
Hash
26af576690cab574a1d969032fdc5f16
8f279f854c9eaaf667d3a0c92c5a5276f9f01cd4
2a0d9e95e9d3526457ba6469ad12b84828057965145caee52dec0388ab28a614

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 9892
cache-control: public, max-age=31536000
content-disposition: inline; filename="9d7c96cf-66aa-4580-9563-baa3f940db93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MWQyN2EzLTIzOTk3Ig"
x-request-id: oLIa4BJLqwG1HB5BEqpqM
cf-cache-status: HIT
age: 413424
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0fF1uxqkZkXjxA640rPHcL%2BYzLVXm4iofuhCYkh5mRh22xbl%2B7JfMtk%2FNjWxmab20PiQ6a17tDufAR4PukwluQbCjfAIUELs8u1UZ9zXOHYGN7Ymn8pmyIa4HIRfi5EJtddle5KR7KE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafef1569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/elbet.701d0b0cd.svg

154.197.121.128

200 OK

11 kB

URL GET HTTP/2
1win-cdn.com/img/elbet.701d0b0cd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
11 kB (10829 bytes)
Hash
bd34c45017a4b3fe3d0813abbe16f113
2177a96200b95aa21ece71bfcbeadd200904c279
2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8bb590afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onetouch.b026a50c5.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/onetouch.b026a50c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2394 bytes)
Hash
f04cb7d15621db8eda5af2216a4f824f
a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec
de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ac270afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/54591.72cf77712.js

154.197.121.128

200 OK

8.4 kB

URL GET HTTP/2
1win-cdn.com/js/54591.72cf77712.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (8698), with no line terminators
Size
8.4 kB (8448 bytes)
Hash
41e975f16f531883d5f266775d139f88
a2ac8d31191bc2a25f164475aee38ff975a15770
d145c232509fd3e58a93c5493202d4dfbf825abe18935a455dfcaacab663a85c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/54591.72cf77712.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-2100"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413381
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f2b790afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png

0.0.0.0

0 B

URL GET
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/evoplay.cfa676ca9.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/evoplay.cfa676ca9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2596 bytes)
Hash
7b4d8b1998ceae4f1e4defe0e5b322a9
b60d4fa2033a28349d7920647907368835ab514d
ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4811
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8db7a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/wazdan.1cf2cebcc.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/wazdan.1cf2cebcc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (1981 bytes)
Hash
f19410782a9e906c5987a9ec3dec0a8e
9df4dc8c8b7defde41a5caea964099dd1c882245
728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa7d120afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif

172.67.181.254

200 OK

3.3 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
3.3 kB (3320 bytes)
Hash
b521bef6762ffadc98bae1073bc51102
d954bae917b2dbe88dd99f4861378026617c0051
5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 413424
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tpftPBaoPttZw4uR5pMzvDvgqhPc2GwV2XZFIVXE%2B1e4qzenA8TN03use3m4lyVEdiMgS0AW1gxNy2JC6LLMXK8IUdyduOWs7rgwEWJapge6PEPK7jefFUM4JopI5r6cxJuKNkG6Zu0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aaeedc569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif

172.67.181.254

200 OK

7.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.4 kB (7407 bytes)
Hash
4841c7a15b396644ee7ba8554ffb5bf6
a2829093874a49809c29b2d4a186e1af8cea5153
1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 415124
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9xhLbmNbVgBKkxOlxGqfhy7wxTTM1RGQQd4ddFAMYr3qgLHvdfSk5i%2BB9BrGXLONEiO9OTx%2Fo1f5JjTOIY2mI4dXokA%2FMo4%2B3Boxzu4gW1Sni4VfYIWRD1%2BsWoB36ZUj0QEiBjvAkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aaeee3569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/63502.06ceedfaa.js

154.197.121.128

200 OK

135 kB

URL GET HTTP/2
1win-cdn.com/js/63502.06ceedfaa.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
135 kB (135227 bytes)
Hash
a96e8f77207eb314deed6396463ffefa
2aa9286dba017fbcf9ff859e59b5a051cdfd73c7
227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/63502.06ceedfaa.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-2103b"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188680
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139bb9160afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/aviatrix.b5fd712c8.svg

154.197.121.128

200 OK

14 kB

URL GET HTTP/2
1win-cdn.com/img/aviatrix.b5fd712c8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (13566 bytes)
Hash
c92109aa9c320cc21b175481d4219bac
624606f9179e2fe695a087e64df63ec4cedf912b
8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4810
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a80acb0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamomat.593230062.svg

154.197.121.128

200 OK

643 B

URL GET HTTP/2
1win-cdn.com/img/gamomat.593230062.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
643 B (643 bytes)
Hash
bfaa3d42e6ab264b9080e74f867e85de
5026f5b14a42af9eaaf3d09468fa27728287cdae
9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a92bb00afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif

172.67.181.254

200 OK

5.9 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
5.9 kB (5859 bytes)
Hash
9d19a8ee72d8c48af25fdc64baaa1377
845b03e70fa87c6cd8025abe3c257117e0d88bb6
02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IawLvWstcVnzDgLsDfTyfwS7oC9LoRGu2oOrjMzPlgmmU9l6ybHHv%2FeHX0vJPp%2FvWUED%2FjgSRB8nkJR8S0SIyPNWPWpE%2FT%2B8aPVJNcx1yAt%2Fr233Vz%2BwMRZGwf5KXkmeV9AZ4ORvc8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aaeedf569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg

154.197.121.128

200 OK

5.6 kB

URL GET HTTP/2
1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.6 kB (5609 bytes)
Hash
736482b909f3d90f4b87845b06343f95
05501f25bbd97642449a87b6113fbb3a2cf36f41
68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a85afd0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spinmatic.f74cf69af.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/spinmatic.f74cf69af.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2157 bytes)
Hash
12c6733c47b71d93b36447dcb999d080
f6440015ef35215d9009b4f08340145df1f7d9e1
fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa2cd30afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/worldmatch.9f3d40aa7.svg

154.197.121.128

200 OK

522 B

URL GET HTTP/2
1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
522 B (522 bytes)
Hash
c3aab966ecda4dadceb7b556b4205478
e8e501768b244593d7e5a59b6a7cf77e3b0d4581
ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5413
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa7d130afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/kalamba.6e06f7faa.svg

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
1win-cdn.com/img/kalamba.6e06f7faa.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2716 bytes)
Hash
7c40c808f85699562366c94d8075727c
daba803ead149eec52b19b82e57afa940922e3c1
8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a97bf60afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/firebase/8.1.1/firebase-messaging.js

190.115.24.78

200 OK

41 kB

URL GET HTTP/2
1wywi.com/firebase/8.1.1/firebase-messaging.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
JavaScript source, ASCII text, with very long lines (40719)
Size
41 kB (40741 bytes)
Hash
450e8b32262706d42cfdd438c49208f5
31c7e4aac1d1303c1e83a0b591abc3501e278668
58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f

HTTP Headers

GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; visit_domain=1wywi.com; core-sticky=http://10.233.94.251:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiNjA0NmYzMy00MDIzLTQwNjAtODI2Ni0wNDIzMjMwZGFlNGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0OTE1NzM3MTE4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDkxNTczNzE1MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sat, 04 May 2024 08:38:28 GMT
content-type: application/javascript
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 103830
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2

1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg

154.197.121.128

200 OK

5.2 kB

URL GET HTTP/2
1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.2 kB (5179 bytes)
Hash
ee4b076249d3d52c42ca2f59e03cae25
d072a4002835fbd0279757a42bed97a398e7adf7
9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8bb5f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gaming%20corps.5c3f3647c.svg

154.197.121.128

200 OK

1.9 kB

URL GET HTTP/2
1win-cdn.com/img/gaming%20corps.5c3f3647c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1936 bytes)
Hash
ddcf2a0ddef8449807db0b7419c39291
9757b762ac3efb096bd45b869ee4d06565a1e9c2
f03dab28c20b3b25823b4b64bbd27953a463c5e9bd7b5bcfa12930f6793fb1e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1134
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a91bad0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ezugi.a9c66babd.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/ezugi.a9c66babd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1439 bytes)
Hash
329b99ccd51d8cd3e1a5c8a1b83a84eb
ad907259ddfcffb089829ad24a4411ff1cd4b1c0
96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8eb800afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/games%20inc.64fb099a0.svg

154.197.121.128

200 OK

695 B

URL GET HTTP/2
1win-cdn.com/img/games%20inc.64fb099a0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
695 B (695 bytes)
Hash
3d90ca2a78e19006ff1926510ed316d4
0becc591fcf773fa9e56396884dfd0f963a46e73
e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a91baa0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/core-js/3.33.3/minified.js

190.115.24.78

200 OK

244 kB

URL GET HTTP/2
1wywi.com/core-js/3.33.3/minified.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type

Size
244 kB (244105 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-cdn.com/img/pwa_android_en.b229a444a-690.png

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Size
33 kB (33278 bytes)
Hash
43e03a24e305838eac0629c5cbf85550
85c71568d1008a17b928ac548987911daf187020
368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663503d2-9305"
last-modified: Fri, 03 May 2024 15:33:38 GMT
cf-cache-status: HIT
age: 4003
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a38edc0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg

154.197.121.128

200 OK

2.7 kB

URL GET HTTP/2
1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2722 bytes)
Hash
443b070227be618d0513c134be5b65f2
cea77f63f79f4a2406af9f75e29078e40c69f9e3
99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 793
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7aa680afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/relax.1a68769f8.svg

154.197.121.128

200 OK

1.4 kB

URL GET HTTP/2
1win-cdn.com/img/relax.1a68769f8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1407 bytes)
Hash
d29d9c49a3e8be4842246e8b658651b1
71129bcf41f71edffe3fb4db0b4ff2faf37bd536
67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5413
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec990afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif

172.67.181.254

200 OK

7.8 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.8 kB (7785 bytes)
Hash
6a86c5bb3ff2902051c8a5b9212df604
4c871b9b1b0da3cb252977e3177d302cad6230fd
131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 413186
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2M%2BwfbwwYJAnkm9UDoe1A3de5q3dWPpicaHVbUoHiN5fXpdMViPhetnfShOqHHYNNX24BvCVndLDKk7lL1Ju%2FDQrnipEElmv3aiFqpmDRYurgL2f5h%2Fpz4DRlysyQGFRdcN83joo9qM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafeeb569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png

0.0.0.0

0 B

URL GET
1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wywi.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/boomerang.413a98511.svg

154.197.121.128

200 OK

36 kB

URL GET HTTP/2
1win-cdn.com/img/boomerang.413a98511.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
36 kB (35896 bytes)
Hash
d37b7a09c29c7e0179175433f4b9cff7
9c24e32b7e570cd294ee7400d7b6b96348a6a8f9
e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a86b130afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/skywind.9cd4f870b.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
1win-cdn.com/img/skywind.9cd4f870b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1507 bytes)
Hash
6133bd0ec680372c4b1478cca75bd999
852e07d884235f5b480657590f2cba1ce4d53d7f
6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa0caa0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/1279.7681fe15f.js

154.197.121.128

200 OK

911 B

URL GET HTTP/2
1win-cdn.com/js/1279.7681fe15f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Size
911 B (911 bytes)
Hash
3a0fd7772f5d3cd77c17b49876743f78
3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a
5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420571
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a1cd910afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/hacksaw.5f0e80ecd.svg

154.197.121.128

200 OK

841 B

URL GET HTTP/2
1win-cdn.com/img/hacksaw.5f0e80ecd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
841 B (841 bytes)
Hash
3371207f99abc98b9fb8ae8e13877c7c
82efe0611bab5262b245fbc98522a20bb2fc6529
ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5413
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a94bc80afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/platipus.dd3b50ce6.svg

154.197.121.128

200 OK

3.7 kB

URL GET HTTP/2
1win-cdn.com/img/platipus.dd3b50ce6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.7 kB (3716 bytes)
Hash
47208726d4dd191a03af9229fc538eb2
0ef7c3f6b3788794db7709213ecaee1b7558a5c2
b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9cc750afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/745.ca3fa56a5.js

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/js/745.ca3fa56a5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
24 kB (24248 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/745.ca3fa56a5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-5eb8"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188409
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f2b7b0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/ufc.0ef6261ee.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/img/ufc.0ef6261ee.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1319 bytes)
Hash
5e1d7cc60040fd95a490ccc47b6d1e2a
7a5e6176ec8156ab9cdbbe382e92390f05bb388b
f993e31c54b287c1ba4d046fb9e9fee3959cbf3a3608c7e8da6cfb4daa1ec083

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a49fd10afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/cq9.5d5072e17.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/cq9.5d5072e17.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4619 bytes)
Hash
47469c2cd9d79b1305e3e02f76d0dc24
d63ca4b97bbdd2533e5c1ac86bacd621a4150410
cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a88b2a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/18860.d3e8c1777.js

154.197.121.128

200 OK

28 kB

URL GET HTTP/2
1win-cdn.com/js/18860.d3e8c1777.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (27990), with no line terminators
Size
28 kB (27990 bytes)
Hash
4b143001b05330bb316fe6b48531dbb6
ffa1e8fc89a58cf47350481057028603fe7fff91
d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407787
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139ba90e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playtech.cecac3222.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/playtech.cecac3222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2560 bytes)
Hash
54cb545ad750e3e670cc7cfaed81c2d4
f808d9b539d13d64c4b405da4dca9b0db732b87e
2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9dc890afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/reelplay.06dc7f4c0.svg

154.197.121.128

200 OK

25 kB

URL GET HTTP/2
1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
25 kB (24761 bytes)
Hash
b322085b94eec118c20d5acba9ea8465
616f9440231bd629e6d2b6aea1d1baac51386151
542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec980afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/47729.aeb93cc08.css

154.197.121.128

200 OK

8.6 kB

URL GET HTTP/2
1win-cdn.com/css/47729.aeb93cc08.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (8604), with no line terminators
Size
8.6 kB (8601 bytes)
Hash
869f5272fe034aeed4673ff39a6a21b8
3479ef5492e46c2643d5926aca2ae140245cc031
1fdaca341cccef31f8dab533d2f841f1cddde134cdcc916b1340be3b797ee74a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/47729.aeb93cc08.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2199"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 406823
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f3b810afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/onlyplay.1c7a3c455.svg

154.197.121.128

200 OK

1.7 kB

URL GET HTTP/2
1win-cdn.com/img/onlyplay.1c7a3c455.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.7 kB (1709 bytes)
Hash
c3e69f9fed9cc0cf56f269a871ebf7b8
24c64655556df116228009b2d0e64950404e45a2
c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 101
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ac380afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/48357.321450720.css

154.197.121.128

200 OK

20 kB

URL GET HTTP/2
1win-cdn.com/css/48357.321450720.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (19490)
Size
20 kB (19491 bytes)
Hash
c612b8dc334f97071bd0193e5163597e
faeeddcec1adfa35b47ec9d0220fe8555ae74468
f55f61953438a991f45ae0d9c1be37fd60d198eb413769c34e9565b3f5bfe63e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417707
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139efb5d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
ee87fd4035a91d937ff13613982b4170
e897502e3a58c6be2b64da98474f0d405787f5f7
7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sun, 05 May 2024 13:28:57 GMT
date: Sun, 05 May 2024 13:28:57 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/js/46719.c1d2eb9c5.js

154.197.121.128

200 OK

527 B

URL GET HTTP/2
1win-cdn.com/js/46719.c1d2eb9c5.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (545), with no line terminators
Size
527 B (527 bytes)
Hash
8375a4110ec42498df870269f31e79db
d974e51c02dbdc175ffa8d4384b385ecce38e581
b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420571
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a74a080afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/turbo%20games.0a45ae56b.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/turbo%20games.0a45ae56b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1046 bytes)
Hash
a3d3ed5aaed2f3fd7a089aa6b6e00aea
d366f4c84c203fd116575a62676b89bcd97c5816
8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa6d060afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif

172.67.181.254

200 OK

6.9 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.9 kB (6917 bytes)
Hash
f4d034b11dd303021ad639388d1721bb
eb5131c3192a0ce42a3d1e5eb706e14dbf5f9efa
c1f8592835a5491c95e668858c9b1a8fbf74f6644bbaa8d1f4a4efbf8cc637b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 6917
cache-control: public, max-age=31536000
content-disposition: inline; filename="04f67ecf-d744-4f0e-b33b-5fee6d24649e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ODgyYjA3LTFjMjM5Ig"
x-request-id: 1yyGRHeiPvnFDJlVeYtGo
cf-cache-status: HIT
age: 417030
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiZqTXRVorNcpazw781B%2FZ9kytQinNUzhMElKaY7SJHYA0X%2B%2BAuNS%2BaNNSmmGs4OHCLkJKAhVynP5PNKIXFsF2YNiI3ggI1wNvY3eE2zW%2Fv%2B%2Bzf%2FKT2sBTm%2BnPasiAexlgsjkeJxEA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafef5569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/sa%20gaming.396c34ca4.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/sa%20gaming.396c34ca4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2376 bytes)
Hash
eec27b0a30619e016eae50d11f9a53b9
ff3da2add15102d508e5f361ba5fef6c01bafcc4
d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9fca50afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/44101.3268a6e79.js

154.197.121.128

200 OK

33 kB

URL GET HTTP/2
1win-cdn.com/js/44101.3268a6e79.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (33049), with no line terminators
Size
33 kB (33049 bytes)
Hash
64fb718df447a3a994dcc6f6030b0488
6d312ce281fb912b3ff51e28e46239d55a7b7e8c
fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/44101.3268a6e79.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-8119"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420970
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139eeb540afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/speed-and-cash.dffacd6c5.svg

154.197.121.128

200 OK

24 kB

URL GET HTTP/2
1win-cdn.com/img/speed-and-cash.dffacd6c5.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
24 kB (23479 bytes)
Hash
3c62bcde419e822cfa55d45a05fa112d
77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38
feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3733
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a0ecf30afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1

154.197.121.128

200 OK

4.9 kB

URL GET HTTP/2
1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (5344), with no line terminators
Size
4.9 kB (4946 bytes)
Hash
89c96dfa73f51909c42f915c5b1ce6b3
8f3d17e349c684d68b50031a265ca235e8b62ef4
e6f6767e9ba421bcdab27d342e23dabfee1bbcc7b0691e1a009041e02f73eb2b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Sun, 05 May 2024 13:28:58 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=gzQ831SUukOrKUeSqEe1X5rnekFkCNATp_XB26qbkpg-1714915738-1.0.1.1-IiVKNsu74m_yJlgcj3hQ1oZkPnRD.hVQgVliW_lYzVwZX29B9MSaOv4G_1uVWx3KNpIv.LiRUemdYBd9.bDayA; path=/; expires=Sun, 05-May-24 13:58:58 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87f113a38f61568a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1x2gaming.00302c7de.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/1x2gaming.00302c7de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2555 bytes)
Hash
113eb6d7137f5f70e8e824f5487e85bd
3d4d5852693e551b81b3d8106608e11bdb3a5080
72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7aa670afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/firebase/8.1.1/firebase-app.js

190.115.24.78

200 OK

20 kB

URL GET HTTP/2
1wywi.com/firebase/8.1.1/firebase-app.js
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
JavaScript source, ASCII text, with very long lines (19927)
Size
20 kB (19949 bytes)
Hash
5b9dcee25dd464bbf914b48e05e770c7
3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533
01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce

HTTP Headers

GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; visit_domain=1wywi.com; core-sticky=http://10.233.94.251:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiNjA0NmYzMy00MDIzLTQwNjAtODI2Ni0wNDIzMjMwZGFlNGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0OTE1NzM3MTE4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDkxNTczNzE1MiUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2

1win-cdn.com/js/57460.093f52cba.js

154.197.121.128

200 OK

438 B

URL GET HTTP/2
1win-cdn.com/js/57460.093f52cba.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (460), with no line terminators
Size
438 B (438 bytes)
Hash
6dec8ed713dfd3300ca7f2907fe2f259
a467664dd1f209c8b7360ae5088144073d4b6272
a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417702
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7ba800afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/elk.c0f58697d.svg

154.197.121.128

200 OK

983 B

URL GET HTTP/2
1win-cdn.com/img/elk.c0f58697d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
983 B (983 bytes)
Hash
58995520e7430cd69b54d08c244aacc1
3db7918420563842879038fd5b4ba2050458ddeb
5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8cb640afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/uefa.093dd4fef.svg

154.197.121.128

200 OK

1.9 kB

URL GET HTTP/2
1win-cdn.com/img/uefa.093dd4fef.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1922 bytes)
Hash
252f6dec5cdba134798b102acab7283f
a159330042e787e62a548cbf2dc4dcb59a00fced
7bcf663e19c650e822b1f795b49a01535cc7994e2aaf701b8b3f7a98fbbd9696

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a49fd00afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1spin4win.bb21057a4.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/1spin4win.bb21057a4.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1242 bytes)
Hash
c7e582dcd4acb7d74e4065abbe28183e
d04183d1e1dc6665f54a667c7977b6c6a3672791
671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a78a4a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/7mojos%20live.cb6749a25.svg

154.197.121.128

200 OK

6.6 kB

URL GET HTTP/2
1win-cdn.com/img/7mojos%20live.cb6749a25.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
6.6 kB (6639 bytes)
Hash
63dcbe9ebaa3f238a8c0152142b06a03
cac36df8800a2f72b9b51f9eeffd74e82be4ae7e
c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7ca960afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/goldenrace.4bb50c89d.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/goldenrace.4bb50c89d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2186 bytes)
Hash
273a325a862af8a6f05811ac5a7c7f29
936efb3df57c80b5ee35a1ebed295fe90ec13145
0e9220c87c66f8eec886bcb17e5beb3242f287ea3099ff14d81e49c41d2c4d32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a92bb80afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/quickspin.d9067a98a.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/quickspin.d9067a98a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2388 bytes)
Hash
2981087d9047df84f1f173886d7f2353
27ee3db1546e61fb1042fe15065f39266f85bcc8
5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec950afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif

172.67.181.254

200 OK

7.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.4 kB (7441 bytes)
Hash
7d78a951d170034c2ce027bf5ea6c69f
56ffbce11b718eceeb70ad7ac12f28f44f3c8b93
8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 406958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mKw6tTdapgG%2FaGP2MJVaO29uF1%2Bs7XbCkprk6WNev7J2rIECbyB9hgZdn0%2F60RUKfY1xR9vuWjMstVKkL%2BF%2FtSGlfcc9IkSSI1mOGrioabdiqjW3Fn4aobxdFyr421tmumvNceQAHuQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aaeed8569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/41543.9ecf6875c.js

154.197.121.128

200 OK

695 B

URL GET HTTP/2
1win-cdn.com/js/41543.9ecf6875c.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (713), with no line terminators
Size
695 B (695 bytes)
Hash
3a416c7a8b544cab2961aa391df25f73
1760b78a71e89b19890fc1e1d457f20fc7931b8f
63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413074
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d660afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/leap.f4cfad944.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/leap.f4cfad944.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2461 bytes)
Hash
9129fc106fce1317a16bb3acbd708de8
64dead6ad9646ce68218ae82cf9d369811d3b88d
993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a97bf70afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/icons-pack-social.4455053b1.js

154.197.121.128

200 OK

26 kB

URL GET HTTP/2
1win-cdn.com/js/icons-pack-social.4455053b1.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (25529), with no line terminators
Size
26 kB (25529 bytes)
Hash
1b14185591d9bcf20bd451f8e80432b5
b234f9245842f8270f24b137798dab716dca4f96
8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/icons-pack-social.4455053b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-63b9"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 413381
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a17d680afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bet2tech.41863da88.svg

154.197.121.128

200 OK

1.8 kB

URL GET HTTP/2
1win-cdn.com/img/bet2tech.41863da88.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1823 bytes)
Hash
37036b9327cf2f08f10c828a969255cc
110c9e121e3f79982f785db63213d01a94faf4b0
13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a81ad50afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/44881.08b617166.js

154.197.121.128

200 OK

418 kB

URL GET HTTP/2
1win-cdn.com/js/44881.08b617166.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
418 kB (417890 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/44881.08b617166.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-66062"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 165039
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139bb91f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bf%20games.7559aed26.svg

154.197.121.128

200 OK

5.0 kB

URL GET HTTP/2
1win-cdn.com/img/bf%20games.7559aed26.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.0 kB (4994 bytes)
Hash
b94bb2811096b861bfbf8fbcd4de9149
17418a385bb399e79588ba1f6d3ee661c40197c5
c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4810
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a84af60afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betgames.f9572e26f.svg

154.197.121.128

200 OK

3.1 kB

URL GET HTTP/2
1win-cdn.com/img/betgames.f9572e26f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.1 kB (3051 bytes)
Hash
22c1b0dd1e37b9c443eda963fe76d96e
7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd
058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 776
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a82add0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/revolver.25aaacada.svg

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
1win-cdn.com/img/revolver.25aaacada.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3880 bytes)
Hash
49db2026a7b56b5525113dde1df88e5f
145eaf3e89aaa41bc641b6cfd321d900f74065d6
6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec9c0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/tvbet.fea6d0222.svg

154.197.121.128

200 OK

9.4 kB

URL GET HTTP/2
1win-cdn.com/img/tvbet.fea6d0222.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
9.4 kB (9418 bytes)
Hash
daf98e0c0d45cb1db158d09bd07e4959
2c28a0c557fb1cf89267d49d2d5ff2a958f896c9
e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa6d070afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif

172.67.181.254

200 OK

8.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.4 kB (8415 bytes)
Hash
19f229b84c704888d3b7a617d4ea0d5f
ead41a6984c57debbde1fdbe6820dcdd07634f99
2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 413424
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0BPCKkru9hyVlZiTWv21Hc5OWvJsr5SewvUTAdsXrDEL%2B958deUZItk7%2FV9TMLlSYU568A0ioI8iRdvZ51iMfjIZxf1MhGXnwW%2BlRRpS6Te8PDYdkI%2BvF2POyN%2B6QxVooiYNRrMhBGA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aafeef569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/20420.30b3c996e.js

154.197.121.128

200 OK

573 B

URL GET HTTP/2
1win-cdn.com/js/20420.30b3c996e.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators
Size
573 B (573 bytes)
Hash
41330d1d45db0c752d96abc28dbb0644
3e716caf3e130d706d19fff163b8fda8b91574eb
fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420970
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a83ae40afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/bgaming.ae3573ff9.svg

154.197.121.128

200 OK

4.0 kB

URL GET HTTP/2
1win-cdn.com/img/bgaming.ae3573ff9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.0 kB (3997 bytes)
Hash
f2081caf12b5dad178e766a8bd906e19
5ffdd19030dd7868b979fa8c19243e62b70eabb8
ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 776
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a85afc0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/playson.2ff1c7d85.svg

154.197.121.128

200 OK

2.8 kB

URL GET HTTP/2
1win-cdn.com/img/playson.2ff1c7d85.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2789 bytes)
Hash
241ae7d1512148f38162202a1838bcf7
7937917d26b57052c052b0cce94f5d1697c8caa7
a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9dc870afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/90206.5caf53dc9.js

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/js/90206.5caf53dc9.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
12 kB (11528 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/90206.5caf53dc9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2d08"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407789
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f0b6a0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/46665.703cfe1de.js

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/js/46665.703cfe1de.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators
Size
1.0 kB (1022 bytes)
Hash
530c1fc3208b67ba84edf563465386ad
d2ae074df39f95da703f5a582a2dadec59962e2c
82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420970
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7ca940afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif

172.67.181.254

200 OK

6.4 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
6.4 kB (6364 bytes)
Hash
4e7067f0087797bc8a2752288c82d468
7a97f30b9cf7b7c0167847006aefcd3411e4c414
626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 412862
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wCe2g%2BMVnHgZUVnswNjEHXHBu05uamCbBmqELVaf5xiwiJ1zoR9U%2BhPirALC%2FL8d5VMy37j173zRhOaP3egI4U6UzThyz%2BUEIv%2BXaN6KeS%2F2oCy8Wz8umRqSKnsMclSgBGW%2B9dEPEEo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abf826569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/fiba.4b405b699.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/fiba.4b405b699.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1230 bytes)
Hash
4aa9ad25fbbca388328ba8098758f0c7
82dc10c520383464da8039c4175e315c182ccf2e
c9a23ae008a3f9ef8714a6dfd1ddb0ee0c70c17fe3bb81bf54794c649ebebf29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 887
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a49fd30afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/liw.134f23084.svg

154.197.121.128

200 OK

7.8 kB

URL GET HTTP/2
1win-cdn.com/img/liw.134f23084.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.8 kB (7838 bytes)
Hash
264daa943330a145d35b4c46632ff260
9eb716994914e9640f1a2965a0cef6eeb6c2eba0
f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a97bf90afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62825.cf3a1caf6.js

154.197.121.128

200 OK

736 B

URL GET HTTP/2
1win-cdn.com/js/62825.cf3a1caf6.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (768), with no line terminators
Size
736 B (736 bytes)
Hash
a56324a88fee02690b8a3ed35e889018
18e9af315ba78b3b7f467894aa838ef2eefee254
dd0ed1a086018d01466171d96d3c7d99fe4a0d88e8d965bd2d08f31dfa541202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407725
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a19d740afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/rubyplay.b4553f39e.svg

154.197.121.128

200 OK

7.6 kB

URL GET HTTP/2
1win-cdn.com/img/rubyplay.b4553f39e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
7.6 kB (7557 bytes)
Hash
3858ea5c6be5319073b0453eac475c1b
72be49666df66401b531cfe9658ae2b64f897b0b
fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4811
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec9e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/flags/en.svg

154.197.121.128

200 OK

2.2 kB

URL GET HTTP/2
1win-cdn.com/img/flags/en.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2222 bytes)
Hash
79e4258317717cae7d54221d403e28d4
85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a
0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5245
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139ffc160afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png

172.67.181.254

200 OK

0 B

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/png
content-length: 53775
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: kWh-NKk8329mVK9k5vj5-
cf-cache-status: HIT
age: 416782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hO7OVnl9sLz7lJgAb1acsWH%2F1iV3VEjR9z%2B3UCWYyeoB%2BmG7dTuUSjpKFww%2F5D2j3aOwyJEerLFOEjEFInK5o%2F3%2BgIZT1fE4ghv608KImSPPT2neSzQKi%2B%2F0M7Z1%2Bs7cSpN6GVt0edQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a6ba79569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/belatra.1e7508387.svg

154.197.121.128

200 OK

5.1 kB

URL GET HTTP/2
1win-cdn.com/img/belatra.1e7508387.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.1 kB (5114 bytes)
Hash
3a3db4a05ec45ff249ff2330cc6131d9
d4e82a85d11863ae6e91cf542676f8ed0dc5a130
356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a81ad10afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/caleta.b1dc71f69.svg

154.197.121.128

200 OK

1.3 kB

URL GET HTTP/2
1win-cdn.com/img/caleta.b1dc71f69.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1304 bytes)
Hash
bbba19a0f7e2c3b02a8ca7d7c833eb63
5dd340d9cc4c395174865b155829f3054fb29275
96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a87b1d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/thunderspin.2d11ae63d.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/thunderspin.2d11ae63d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2520 bytes)
Hash
604f41c295f537f07943cfe15d6f15f2
ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369
9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa6d020afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2555 bytes)
Hash
113eb6d7137f5f70e8e824f5487e85bd
3d4d5852693e551b81b3d8106608e11bdb3a5080
72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a78a4e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/atmosfera.32402e33f.svg

154.197.121.128

200 OK

9.0 kB

URL GET HTTP/2
1win-cdn.com/img/atmosfera.32402e33f.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
9.0 kB (8973 bytes)
Hash
3ba4610ae40c2d70390afaa7cba36721
01eeff20113a096675d71c018a7f109c8e53da28
815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a80ac60afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/truelab.ec113fba7.svg

154.197.121.128

200 OK

2.0 kB

URL GET HTTP/2
1win-cdn.com/img/truelab.ec113fba7.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (1968 bytes)
Hash
edd84be1aaadcb0b503864bea380f168
af4583fc1079d7d5e07cc6ca22b56f9eeaab7418
d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa6d030afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp

154.197.121.128

200 OK

354 kB

URL GET HTTP/2
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
RIFF (little-endian) data, Web/P image
Size
354 kB (353842 bytes)
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/webp
content-length: 353842
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5070
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a21dcd0afa-OSL
X-Firefox-Spdy: h2

1win-cdn.com/js/88971.a170f9f22.js

154.197.121.128

200 OK

529 B

URL GET HTTP/2
1win-cdn.com/js/88971.a170f9f22.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (547), with no line terminators
Size
529 B (529 bytes)
Hash
747fc30343cbabbbcd8246b2a4598ccc
9bf22fb112b065a447c3dc013d3e513f7814566d
7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Wed, 03 May 2034 13:28:58 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 421664
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a78a3c0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/100hp%20gaming.8352a77d8.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/100hp%20gaming.8352a77d8.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2357 bytes)
Hash
4ed7fa45e0933ca6d981ea7fdd5e86ad
9da697d8f40394da2cc17c0c82e73cb1130023d3
619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4810
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a78a470afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/4theplayer.f89265cdd.svg

154.197.121.128

200 OK

4.2 kB

URL GET HTTP/2
1win-cdn.com/img/4theplayer.f89265cdd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.2 kB (4199 bytes)
Hash
5cb7cf2507e642be8dd905487dc5ab67
68ad93bac5948542dade50964d8384eb9bff3573
f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7aa6f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/fantasma.8f4e2392c.svg

154.197.121.128

200 OK

3.4 kB

URL GET HTTP/2
1win-cdn.com/img/fantasma.8f4e2392c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.4 kB (3380 bytes)
Hash
2b6e488681e5af743e430cce2f0c2187
5a3102291017d617e6346a59664b1ec7eece4423
f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8eb8b0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/salsa.8d18d113d.svg

154.197.121.128

200 OK

4.5 kB

URL GET HTTP/2
1win-cdn.com/img/salsa.8d18d113d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.5 kB (4487 bytes)
Hash
8ddc56d0a9c2b1ae996c3521eddfae36
db430c81bcb0d7090c4067b858c8d48f0ba5d320
08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9fca70afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/nhl.9b1a4945d.svg

154.197.121.128

200 OK

5.5 kB

URL GET HTTP/2
1win-cdn.com/img/nhl.9b1a4945d.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.5 kB (5508 bytes)
Hash
776fb511daa35474ef8291916961aab6
58a4d5e39d8d100ef715b74a99bc5920259578f1
4e5efe564f1dfb5226aabc8c88a454033a02f175a7e9c807314a05b9eebc7571

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5916
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a4afd40afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/amatic.1ad22f1f0.svg

154.197.121.128

200 OK

1.0 kB

URL GET HTTP/2
1win-cdn.com/img/amatic.1ad22f1f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.0 kB (1024 bytes)
Hash
beaad3ec246cc02d25e05017a1e1739a
391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7
184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 793
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a7daa40afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/betsolutions.5d0a153ca.svg

154.197.121.128

200 OK

1.6 kB

URL GET HTTP/2
1win-cdn.com/img/betsolutions.5d0a153ca.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1565 bytes)
Hash
066b7782f9f8acb732cd85f2df1344ac
7bb3c193cb5dd835fec3e3ce7ed032be4200afc9
95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a83af30afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/smartsoft.d4a2c90f3.svg

154.197.121.128

200 OK

4.4 kB

URL GET HTTP/2
1win-cdn.com/img/smartsoft.d4a2c90f3.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.4 kB (4399 bytes)
Hash
e363d734db0fb177f2d082d5ec933b2e
21840bbc0a0843627d204818be4abba494436a12
ba8913cfda5417b5d2d8015dd340def1fc7cec97a5c875ba14590a044a5daa53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa2cc20afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/jetx.64787fc5c.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/jetx.64787fc5c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (13301 bytes)
Hash
0046061bb77d38094cc0f71b7371d406
1fd7894d0117251f1eeec1a343b85532d7864a05
bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3733
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a11d0d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/44881.dae54c10d.css

154.197.121.128

200 OK

31 kB

URL GET HTTP/2
1win-cdn.com/css/44881.dae54c10d.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (31262)
Size
31 kB (31263 bytes)
Hash
042184ca7fa3adf2a29c3de64253e215
321e3142ce096f24515bf9c5699fda45dcc5e76c
672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/44881.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:56 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-7a1f"
expires: Wed, 03 May 2034 13:28:56 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 407788
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139bb9170afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1wywi.com/affiliate:link_visit?visit_domain=1wywi.com&sub_ids=undefined

190.115.24.78

200 OK

37 B

URL GET HTTP/2
1wywi.com/affiliate:link_visit?visit_domain=1wywi.com&sub_ids=undefined
IP
190.115.24.78:443
ASN
#59692 IQWeb FZ-LLC

Requested by
https://1wywi.com/
Certificate
IssuerLet's Encrypt
Subject1wywi.com
Fingerprint10:72:77:37:53:ED:0D:74:32:45:A4:2F:78:25:BF:F0:04:F3:31:84
ValiditySat, 04 May 2024 07:35:26 GMT - Fri, 02 Aug 2024 07:35:25 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
37 B (37 bytes)
Hash
2f6af1a09e6d352c1603fe2326189744
baed183cee7c7fd534e8519a683c9f398e696329
7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458

HTTP Headers

GET /affiliate:link_visit?visit_domain=1wywi.com&sub_ids=undefined HTTP/1.1
Host: 1wywi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wywi.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=HvzQS1z7STb3yA78JxqG; visit_domain=1wywi.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: ddos-guard
date: Sun, 05 May 2024 13:28:56 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.94.251:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM   ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com  ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

1win-cdn.com/img/mascot%20gaming.21cafbe70.svg

154.197.121.128

200 OK

5.2 kB

URL GET HTTP/2
1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.2 kB (5199 bytes)
Hash
692c90ac31385db12fe64a48ec01b77a
e9249716fcbdc6e0b75b798d0f37ed6942a045da
d0b041e1a396908bda558a5d224edb3cd80787d88910beb2fdb2dc4e5186045a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a97bfe0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/red%20tiger.157f419e2.svg

154.197.121.128

200 OK

15 kB

URL GET HTTP/2
1win-cdn.com/img/red%20tiger.157f419e2.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
15 kB (14736 bytes)
Hash
f0a8d4ae6c95b6d6b2b0bbbaa62aad9d
9ea188283d324f5c87a802c14ec3386167e7e2a8
4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec970afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spearhead.27c37f3dd.svg

154.197.121.128

200 OK

1.2 kB

URL GET HTTP/2
1win-cdn.com/img/spearhead.27c37f3dd.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1194 bytes)
Hash
b7d0037b4b499acbf11a3a7d22d9f7e8
b4a122e841ea28158af2f35adaf0b802713ffda3
aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa2cd10afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamebeat.5649e97f9.svg

154.197.121.128

200 OK

1.1 kB

URL GET HTTP/2
1win-cdn.com/img/gamebeat.5649e97f9.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1138 bytes)
Hash
f47237dc478a7b0d1ed4d2687cc13396
66ce5afa1722b78b22858e1ae057290f36a13c81
af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a90ba40afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/57652.297e4ecc2.js

154.197.121.128

200 OK

647 B

URL GET HTTP/2
1win-cdn.com/js/57652.297e4ecc2.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators
Size
647 B (647 bytes)
Hash
53d580c5f29a2a838b6595fa6ff0f0a3
ab60adb7207a806d271778effe677ed01dc144b0
d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420571
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a16d4c0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/css/68410.d56f51302.css

154.197.121.128

200 OK

45 kB

URL GET HTTP/2
1win-cdn.com/css/68410.d56f51302.css
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ASCII text, with very long lines (44871)
Size
45 kB (44872 bytes)
Hash
e4497915b5678c70601e6434394f6575
55146388fda855fb7d8710ce9f62ee3b4c420640
9b9430eac542be7137a39afac89a9e57e69987fe5bf34dbbc475d1c1409eb177

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/68410.d56f51302.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-af48"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 309472
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f1b710afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/boldplay.70a46bd71.svg

154.197.121.128

200 OK

4.7 kB

URL GET HTTP/2
1win-cdn.com/img/boldplay.70a46bd71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.7 kB (4668 bytes)
Hash
b9145dace81bbcbef7d60609e72c9c63
c182aef9dae96fe22563e38cf8ad0bd5cfb9f588
8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5071
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a86b090afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/yggdrasil.a6bc350dc.svg

154.197.121.128

200 OK

5.8 kB

URL GET HTTP/2
1win-cdn.com/img/yggdrasil.a6bc350dc.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
5.8 kB (5783 bytes)
Hash
1156d7b0c16ee989276ab38995b5e316
2efca22c943534eec487d1441efc9c1280c0ce62
05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 794
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa7d160afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/zillion.c0e3dd6f0.svg

154.197.121.128

200 OK

684 B

URL GET HTTP/2
1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
684 B (684 bytes)
Hash
d9e09ca4e933fc8dabb60c1335cb7cd6
37b3bb2ea200f88ae0f7c681547dfba6fcce1449
fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5072
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa8d1f0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wywi.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3682

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wywi.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3682
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1714915737404&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=915493815.1714915740&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1714915739&sct=1&seg=0&dl=https%3A%2F%2F1wywi.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wywi.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3682 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wywi.com
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1wywi.com
date: Sun, 05 May 2024 13:29:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1win-cdn.com/img/bonus_hover_1.a84694805-1979.png

0.0.0.0

0 B

URL GET
1win-cdn.com/img/bonus_hover_1.a84694805-1979.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bonus_hover_1.a84694805-1979.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

1win-cdn.com/img/spadegaming.8dc1e9a8e.svg

154.197.121.128

200 OK

3.8 kB

URL GET HTTP/2
1win-cdn.com/img/spadegaming.8dc1e9a8e.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3805 bytes)
Hash
747a1c4577c4f0216b3c2312e11b1950
c38313a9fb030d29f16ed7bbc1dab939a874aff5
e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aa2ccc0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/itf.9b1402c42.svg

154.197.121.128

200 OK

2.8 kB

URL GET HTTP/2
1win-cdn.com/img/itf.9b1402c42.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2800 bytes)
Hash
27cca74bc2226d97c21e7f62ff3d1865
737970ba7c15660eb385cd530793056ea1106019
c1ee5d4712434ef1e4d165c360d4931abdf99d8e8fc81bfa8d64ca8cf8f9fe64

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a4afd60afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/spinomenal.e0cf93b3a.svg

154.197.121.128

200 OK

2.3 kB

URL GET HTTP/2
1win-cdn.com/img/spinomenal.e0cf93b3a.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.3 kB (2256 bytes)
Hash
cccb25968af8377b09aaabb6aac79736
84938c2eeb2043bd681550b012601b0b0a2395b0
59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 100
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a719d80afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/edict.ca67383de.svg

154.197.121.128

200 OK

13 kB

URL GET HTTP/2
1win-cdn.com/img/edict.ca67383de.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
13 kB (12806 bytes)
Hash
7794e14088c92dc44e186b65dfd0782b
f81ec0b93e38339b2e2f8f94d2f7c568b8943fff
c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8ab3e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gameart.7beff0d18.svg

154.197.121.128

200 OK

2.6 kB

URL GET HTTP/2
1win-cdn.com/img/gameart.7beff0d18.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2608 bytes)
Hash
0316280cc350cb02b448e29142cbc493
16182a01de1fe9f3918bdfff51002844776c1b08
be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8fb9e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/habanero.92654c79c.svg

154.197.121.128

200 OK

3.6 kB

URL GET HTTP/2
1win-cdn.com/img/habanero.92654c79c.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.6 kB (3561 bytes)
Hash
9d25ca67fcccda561c314873654994a8
0e5592059d8c6114a25d0affd4af7e50e44d36af
e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a94bc70afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/10400.9ded7920f.js

154.197.121.128

200 OK

10 kB

URL GET HTTP/2
1win-cdn.com/js/10400.9ded7920f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
JavaScript source, ASCII text, with very long lines (10227), with no line terminators
Size
10 kB (10227 bytes)
Hash
15eac69773e4a58c28d83941ba68a74d
d7a102d8e5b17065207de75d40e50e4406ff6e4a
57cf3cf3d84271aa5926a0aea38039976c7778b8cf9e182e3b1412211339994b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/10400.9ded7920f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-27f3"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 188615
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139f1b6e0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/evolution.acb5f3085.svg

154.197.121.128

200 OK

2.5 kB

URL GET HTTP/2
1win-cdn.com/img/evolution.acb5f3085.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.5 kB (2522 bytes)
Hash
a27852d0f8f77af9c6a274605b932984
415500832c34ac475d87411fa799dead414701b4
c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 777
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a8db760afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/1win-normal.34748aac6.svg

154.197.121.128

200 OK

4.6 kB

URL GET HTTP/2
1win-cdn.com/img/1win-normal.34748aac6.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4641 bytes)
Hash
6a657a7851fa92f791304f1cdb123e9a
ae2def67a366ffe67578bf82e3c47b4f1966e784
8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 100
expires: Sun, 05 May 2024 17:28:57 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a01c220afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/atp.e87cf2801.svg

154.197.121.128

200 OK

12 kB

URL GET HTTP/2
1win-cdn.com/img/atp.e87cf2801.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
12 kB (12058 bytes)
Hash
3fc6d0c6036c51b4dfe66e116e849214
86ce1aaadafc27a3777f00411012d449f3ae9637
8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 887
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a4afd50afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif

172.67.181.254

200 OK

8.2 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
8.2 kB (8197 bytes)
Hash
2bb5dde390003652a0eb9ebe2ec82506
a380f9976a7e050fb4d5d16645fb739f1c012635
8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
x-request-id: ejgpplgS_jgdEjE0wtm06
cf-cache-status: HIT
age: 406957
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wtHZWvHIyvQBTPwNtIaVn3%2FbNYGzUqeSCNqkU%2F4Ey2q%2FN8wZYwROks2wt3HZuImkWkd9babm%2FHDNo9nq1r3zW2BBR2pZ6dK%2Fnemy1v0mfd%2BIJ7x%2FIGxe0N%2FjnnRK2YScBnWxBUStAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113abf81f569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/img/bombay%20live.ab678ab94.svg

154.197.121.128

200 OK

1.5 kB

URL GET HTTP/2
1win-cdn.com/img/bombay%20live.ab678ab94.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1460 bytes)
Hash
291aed0c4eee33d7354cb7440283934c
ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e
e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:58 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 485
expires: Sun, 05 May 2024 17:28:58 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a86b100afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/gamzix.c753c377b.svg

154.197.121.128

200 OK

3.9 kB

URL GET HTTP/2
1win-cdn.com/img/gamzix.c753c377b.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3899 bytes)
Hash
c9bdfac4b8a9fec4171e1e4eaada52d9
e0ecf83a680f3cb4750ca30306d444bf25e8a890
a9f4f158614d42eb732421ef41983f0cbfe1f29e95101bd315d0b3d238f1d21d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 486
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a92bb20afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/img/pragmatic.2e7a96b71.svg

154.197.121.128

200 OK

2.4 kB

URL GET HTTP/2
1win-cdn.com/img/pragmatic.2e7a96b71.svg
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2387 bytes)
Hash
0318d08339acfa9fb15b1f56bb22b145
caa87d78a9c14af0beeb66733294652e6b1627b8
24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/svg+xml
last-modified: Fri, 03 May 2024 15:33:38 GMT
etag: W/"663503d2-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4811
expires: Sun, 05 May 2024 17:28:59 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113a9ec920afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif

172.67.181.254

200 OK

7.7 kB

URL GET HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif
IP
172.67.181.254:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
ISO Media, AVIF Image
Size
7.7 kB (7665 bytes)
Hash
a301711d2f250aac2cf9a7b842d5639e
f64334b263231df3e7505d31d155e4277e8337db
c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:59 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 417729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mkoW7AcFneT5aSP4pfD4kNJ3x1J0AmUouXedAPWmrreNFe6APBJ4xWd2B4MUpbkF4%2FNbuU8OxJllEM379Fawbzrsdg4FG3%2FYD3EZnk9J2gTB%2FkcnmOvnryUPeTW%2BUkeb4GbsWC%2Fbsw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f113aaeee4569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1win-cdn.com/js/31310.c605a9b9f.js

154.197.121.128

200 OK

528 B

URL GET HTTP/2
1win-cdn.com/js/31310.c605a9b9f.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (546), with no line terminators
Size
528 B (528 bytes)
Hash
819ea0d23f76434d7cf7bdad5c0dc71f
06f5a3c6cd80db3f5850633d2f868f55e7e92447
3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420571
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139ffc130afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/62692.9dadb7398.js

154.197.121.128

200 OK

847 B

URL GET HTTP/2
1win-cdn.com/js/62692.9dadb7398.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (881), with no line terminators
Size
847 B (847 bytes)
Hash
2396c8bca3aec16d12512850881beeaa
f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1
dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 420571
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139fbbcf0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1win-cdn.com/js/33700.8f8589382.js

154.197.121.128

200 OK

992 B

URL GET HTTP/2
1win-cdn.com/js/33700.8f8589382.js
IP
154.197.121.128:443
ASN
#328608 Africa-on-Cloud-AS

Requested by
https://1wywi.com/
Certificate
IssuerGoogle Trust Services LLC
Subject1win-cdn.com
Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Size
992 B (992 bytes)
Hash
7a56ca20c70147de869fb6f869c24757
8ba632a6c326ca6152d0c51a202527013eeb42f4
543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wywi.com/
Cookie: __cf_bm=5dxZPifAtpazyk6.k.GBrt0CcnfLC3rFUPV0k4m4q1A-1714915736-1.0.1.1-nWwU.wQ5etrp.iYYI86rBSQqqbUwpFJUiBeCgg9G5gOA2rKzmwTylVPwF7Jm6mdX1FCIrV1iU6AT7HuBuKWXpA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 13:28:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Wed, 03 May 2034 13:28:57 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 417267
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f1139ffc100afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (79)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL