IP: 190.115.24.78:443
Requested by: https://1wxht.com/1.txt?1714793956632
Certificate
Issuer: Let's Encrypt
Subject: 1wxht.com
Fingerprint: 55:54:CF:42:C9:BE:AD:EB:59:BB:E2:32:C2:3F:B7:53:B2:E7:A6:65
Validity: Tue, 30 Apr 2024 20:38:55 GMT - Mon, 29 Jul 2024 20:38:54 GMT
File type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Hash: bad0d4174bec312273029c694f83abf6 84e56f06bd5b90f11f4940249e7faa92bc432b33 9b851d13163697b8d06ddfa1fa8e577f9cbc90cb2022c2063de172cbfdd4a61d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: 1wxht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxht.com/1.txt?1714793956632
Cookie: __ddg1_=lEP3Ii2uZrzXyUQK6xMt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 07 May 2024 12:06:10 GMT
content-type: image/x-icon
last-modified: Tue, 25 Jul 2023 09:29:53 GMT
etag: W/"64bf9611-10be"
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
age: 241863
content-length: 497
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
| 1wtsso.life/1.txt?1714793956632 | 190.115.24.78 | 301 Moved Permanently | 8 B |
URL: User Request GET HTTP/2 1wtsso.life/1.txt?1714793956632
IP: 190.115.24.78:443
Certificate
Issuer: Let's Encrypt
Subject: 1wtsso.life
Fingerprint: B0:01:F6:6F:EF:59:55:42:A1:AD:0A:EB:68:3E:F2:A7:9D:1C:F2:A6
Validity: Tue, 07 May 2024 09:20:55 GMT - Mon, 05 Aug 2024 09:20:54 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1.txt?1714793956632 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: ddos-guard
set-cookie: __ddg1_=11Z7E36DqrZdEnyMF9e1; Domain=.1wtsso.life; HttpOnly; Path=/; Expires=Sat, 10-May-2025 07:17:12 GMT
date: Fri, 10 May 2024 07:17:12 GMT
content-type: text/html
location: https://1wxht.com/1.txt?1714793956632
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS
X-Firefox-Spdy: h2
|
| 1wxht.com/1.txt?1714793956632 | 190.115.24.78 | 200 OK | 8 B |
URL: User Request GET HTTP/2 1wxht.com/1.txt?1714793956632
IP: 190.115.24.78:443
Certificate
Issuer: Let's Encrypt
Subject: 1wxht.com
Fingerprint: 55:54:CF:42:C9:BE:AD:EB:59:BB:E2:32:C2:3F:B7:53:B2:E7:A6:65
Validity: Tue, 30 Apr 2024 20:38:55 GMT - Mon, 29 Jul 2024 20:38:54 GMT
File type: ASCII text, with no line terminators
Hash: 45300fc64b3508897a13baa31fc46129 42df810ef3aef40e621856cf2f23f761acd47a16 d12275dadec507c4335f8da693eaf428b29b70e5009e14a76e3dc4005d1a12b4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /1.txt?1714793956632 HTTP/1.1
Host: 1wxht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=lEP3Ii2uZrzXyUQK6xMt; Domain=.1wxht.com; HttpOnly; Path=/; Expires=Sat, 10-May-2025 07:17:12 GMT
date: Fri, 10 May 2024 06:23:15 GMT
content-type: text/plain
last-modified: Wed, 08 May 2024 22:27:12 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: W/"663bfc40-8"
age: 3237
ddg-cache-status: HIT
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|