| 1wtsso.life/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 74 kB |
URL: GET HTTP/2 1wtsso.life/core-js/3.33.3/minified.js
IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Let's Encrypt; Subject 1wtsso.life; Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Hash: 38facf849f100d0fe6269a53a7bca451 9bb69f981438d48b093bd1eb673885476b4932f0 ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 08:49:34 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 604819
content-length: 74537
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1wtsso.life/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1wtsso.life/img/logo/main/1win-normal.svg
IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Let's Encrypt; Subject 1wtsso.life; Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: SVG Scalable Vector Graphics image
Hash: 0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Mon, 15 Apr 2024 13:07:44 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 11:50:04 GMT
etag: W/"661d146c-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 848528
content-length: 1474
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hash: de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wtsso.life/
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Mon, 15 Apr 2024 11:50:03 GMT
etag: "661d146b-8128"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 783430
accept-ranges: bytes
set-cookie: __cf_bm=ECfdr2FkF8Lu346y2vPg2OueDA12xRwOp9AGwdw1lnQ-1714034992-1.0.1.1-jzBAMMp.zUuK5J.OYgGhT3m3u5KQCMGSNp4_XtfsPVP5vIYIaU.GY2cvtf.0gWJLR30DnJPzJwJRdPGv2uy2HQ; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5ba0b4fa-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hash: 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wtsso.life/
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Mon, 15 Apr 2024 11:50:03 GMT
etag: "661d146b-a9f8"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 597912
accept-ranges: bytes
set-cookie: __cf_bm=EUJuC1IRzqxBJMT0XqsLKE19fyTR7HQtF5RQIfJ_GQw-1714034992-1.0.1.1-Wx1X_pjv6ilrlyEMuogK.Gsv3aLwD0vWmCySJv2pFZpCvK2FXQptbPpukj3VQTGl4p.LxbdTE2bDVRuWVdZMsw; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5ba7b4fa-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/js/desktop.bc817c89d.js | 154.197.121.128 | 200 OK | 37 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.bc817c89d.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: d907cd014260786c37cef2c20b46f00d 4eecd1a6a59de01c16ba4d4f1995da224e458ed1 7b126db2b24a3b71a69e5c581216ee93fffbb56f3782103247bd3f8db1d74a82
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/desktop.bc817c89d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-21828"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4734
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150d7bffb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/desktop.ec875fd7a.css | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/css/desktop.ec875fd7a.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: c3bc0f88b2d6423d59bfe131376bb721 4ccd56b2455feb8d7c0428c003109027fc2105e1 f9f637777cd7941cb448bc88424cd97023bdb4696183eb9bbf0f1f48c2bf91fb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/desktop.ec875fd7a.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-124af"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826026
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150d7c01b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/53516.4b15046bf.js | 154.197.121.128 | 200 OK | 34 kB |
URL: GET HTTP/2 1win-cdn.com/js/53516.4b15046bf.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: c8d3f6a0521ba4eff07e24401ba6d9b6 12eae98fa99d749d66442169c5cc919cbdf24067 64579d5449a981eb9497eac552ec8108ee0bd865282dc26ef65b7c539e1a57bb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/53516.4b15046bf.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 08:10:17 GMT
etag: W/"662a0fe9-20f87"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1538
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150e5cd9b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/92620.dae54c10d.css | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/css/92620.dae54c10d.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 86ff8454478e0a4af7dd69ce4e13f788 9befef84cc9b15d9560c109aaa115ae93227cf1e 30660bf4a6b7f7b688cd8f199a160c20c67aeb8c80b0428f134d7d8beb1007b1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/92620.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 11:53:44 GMT
etag: W/"6627a148-7a1f"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 160557
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150e6cdcb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/desktop.bc817c89d.js | 154.197.121.128 | 200 OK | 45 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.bc817c89d.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 29c5f47220cb234ec4b89d9573c38e54 31166ad0d8b07aca7a766f3a006c2cddd0a26ca2 7727aa121596f69e8f94e6b6c248d0705e86abdc80557caf728521d0f78049a3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/desktop.bc817c89d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-21828"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4734
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150e6ce8b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket
IP: 134.122.54.186:0
ASN: #14061 DIGITALOCEAN-ASN
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wtsso.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aI58uhZbacN4Nq/60vJlbQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: BWY62b9pj8PCPr8sYifshSO8NNY=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=c6a048f545bf1872; Path=/; HttpOnly
Upgrade: websocket
| 1wtsso.life/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1wtsso.life/firebase/8.1.1/firebase-app.js
IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Let's Encrypt; Subject 1wtsso.life; Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: JavaScript source, ASCII text, with very long lines (19927)
Hash: 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716; visit_domain=1wtsso.life; core-sticky=http://10.233.108.84:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJkMTg1MDk0Yi00ZDRmLTRiNzUtODJkMy1mNzVmNWJhNmJlZGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0MDM0OTkyNTkzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDAzNDk5MjYzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Mon, 15 Apr 2024 13:07:46 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 11:50:04 GMT
etag: W/"661d146c-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 848526
content-length: 6578
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| 1wtsso.life/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 11 kB |
URL: GET HTTP/2 1wtsso.life/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Let's Encrypt; Subject 1wtsso.life; Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: JavaScript source, ASCII text, with very long lines (40719)
Hash: 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716; visit_domain=1wtsso.life; core-sticky=http://10.233.108.84:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJkMTg1MDk0Yi00ZDRmLTRiNzUtODJkMy1mNzVmNWJhNmJlZGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0MDM0OTkyNTkzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDAzNDk5MjYzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 21:26:23 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: W/"661e5701-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 732209
content-length: 10915
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 106 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP: 142.250.74.168:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (50345)
Size: 106 kB (105728 bytes)
Hash: d1dd0ac1d85ea7674cc9f2eaf6fae2ba b88660b7ca1e436d037c8bbb67606a8d821576b6 42ab4d663cb8f06dac8f6797221a0c120e50d2d5714fc16b91fbccb9b4a7dbe6
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 08:49:52 GMT
expires: Thu, 25 Apr 2024 08:49:52 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 Apr 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105728
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 1win-cdn.com/js/39061.10c025600.js | 154.197.121.128 | 200 OK | 30 kB |
URL: GET HTTP/2 1win-cdn.com/js/39061.10c025600.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: c3efc3797fc0e44161bc467e9c809a86 fe24798cc7770579a5bbd3de1fbdb633878692c2 b294c3d405f941175cf8530b30d886b9e9ab99544919b001249ac041ee48ad57
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/39061.10c025600.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-16929"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 72237
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511bfc1b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced
Hash: 911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "662931b6-18d2"
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513496cb524-OSL
X-Firefox-Spdy: h2
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 28be03068e73eefe699e0e4b29d9bbf9 b4df6be0c703dc3aaec3dcb2e910dceec58797b9 f3157644005a83faef374d9b36364c5281da48cdb39a1a8205b176d98abedbac
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513091ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/emoji-slots.1c6e965b9-160.png | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/emoji-slots.1c6e965b9-160.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 160 x 160, 8-bit colormap, non-interlaced
Hash: 87325735734a61a6dcf78148f1eb9fef 934481694321a7c02aca3fc865355eb732f7d0cc 6f6332331617980bbe000550b8ec83e3ab48cc35a952ba512f7fac2b9dfae881
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/emoji-slots.1c6e965b9-160.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 7806
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8977
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "662931b6-2311"
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
cf-cache-status: HIT
age: 7064
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15153af1b524-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/259a973a-5e05-4f33-87ed-623fd1e3b05b.png@avif | 172.67.181.254 | 200 OK | 18 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/259a973a-5e05-4f33-87ed-623fd1e3b05b.png@avif IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash 639cce1cffcb21ba54cdd6d994c9d678 d2b7127ae8e50726bd6211509b71d455bb0f68cd 2aba8f73ffa97e79377ca41ae0758163a8a948b39dded9a4f8e8ad08a0223e87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/259a973a-5e05-4f33-87ed-623fd1e3b05b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/avif
content-length: 17718
cache-control: public, max-age=31536000
content-disposition: inline; filename="259a973a-5e05-4f33-87ed-623fd1e3b05b.avif"
content-security-policy: script-src 'none'
etag: "aAW6VDAor011uV9XSvPmkLd6FEDbuXicemelEDsn6Hk/RIjY2Mjc3YjdkLWU0MGUxIg"
expires: Tue, 30 Apr 2024 09:13:12 GMT
x-request-id: ykd__S-VaYwqVmEUMQK9G
cf-cache-status: HIT
age: 171401
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7Tg8QmIM0O2xBQXa4aAJS05EEn8%2FeTPzA3jgXu3kFskLfGL9%2Bg1%2Bh%2BaC0bqV6UTLnrVORAZlKhpJTa0UoaZrD5Ha3qV6ooVvFEMVrepbm7Hv05MPKHTTfzS7lmKfdynJIKFVDxN0nQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15157b3356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/44101.f1c080287.js | 154.197.121.128 | 200 OK | 50 kB |
URL GET HTTP/2 1win-cdn.com/js/44101.f1c080287.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type gzip compressed data, from Unix Hash 601e7b1375a83c876974705cbb73195b 99c9066d0565d5ca51cd2893e281c0c1ed31b428 09dddd9959f61504aadd9188023028c948a1d69b86f9ef47ac748d803a2d7878
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/44101.f1c080287.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-8119"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 73434
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511afa8b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@png | 172.67.181.254 | 200 OK | 206 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 206 kB (205741 bytes) Hash 6357d842961469b93dfab5d30a787d31 a021d7a51d9ff9e31e28ff24e34ff389f44d18f2 068943eb0868ea0dfa9a9b8b0e197fa2a0a93a31f50e37e9ead038f0968c837b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 205741
cache-control: public, max-age=31536000
content-disposition: inline; filename="c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0NTExYzUwLTJjYTViIg"
expires: Thu, 25 Apr 2024 12:03:08 GMT
x-request-id: 2aemAFe1OjTjV4auPg-vU
cf-cache-status: HIT
age: 593205
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DqfMN6OP7hPU69SSgwbIUpVZcoOwOf9qEuCOHJpIdTgpSV7mg6hk6eHHWIXhPlhFlfqnX5Ko%2FzORtD%2BLdfFSAV%2BzqpSgRmrE9MaqXwopgL7WBXcOAr4GOPHLM5jQsYVbsI5c4XebtUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515bb7d56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL GET HTTP/2 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/webp
content-length: 39614
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: "662a0fe8-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15159b52b524-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62873.c94378d02.js | 154.197.121.128 | 200 OK | 65 kB |
URL GET HTTP/2 1win-cdn.com/js/62873.c94378d02.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type gzip compressed data, from Unix Hash 2a529e846e3d014ec73ff3b19ae1b8f4 04189c3d0679df77abd276e8c04df5198f5a81ce 5667af0e68ba42cf2f76fe8b9c3934f69dd158029643dc5f5e00d787a5a2776a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/62873.c94378d02.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:53:44 GMT
etag: W/"6627a148-556"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 160394
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15117f7db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png | 172.67.181.254 | 200 OK | 260 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 260 kB (259640 bytes) Hash 68842dabdd37c7fe88115bad80bbd8f3 f183bc6423677e03b354e751e2425bad9be1b0d2 f1d49078b6d1ce36a7acdc4d425d052e11ece832607f35fd8f03e6c68c340dbb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 259640
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1YjNhOTQ4LTI4YTY3Ig"
expires: Tue, 23 Apr 2024 08:22:50 GMT
x-request-id: Oe3eTLE6HtamxOVAf3KA6
cf-cache-status: HIT
age: 156416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2wPng3EC9N%2BwqEzj4uGFcHuSceDDIjT%2BAOxUt%2FQiha93dPA0UQIDaAfkIIxLq9AxsD2et01XB8VB6Ilmsq5C48Mcmsl%2BFScku2dut35ablArBw%2FPG0iHW3ifLjutqiBvWJsab%2Fd5tzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515bb8a56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@png | 172.67.181.254 | 200 OK | 219 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 219 kB (218899 bytes) Hash 22ac9827e78e4474224381e0499fc222 d8d0c2fbcba8017f4165df3de1137374c287e238 fdf9084d2d42ec288df3ba5822a3aea0932142057b4d5273c178de1c6f9326b2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 218899
cache-control: public, max-age=31536000
content-disposition: inline; filename="3570f391-99ef-4e57-9ae5-c12a42b6e98e.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDk5YjU0LTQ2YWExIg"
expires: Thu, 25 Apr 2024 10:21:20 GMT
x-request-id: uqOstvIyXEvC05dHDeAS4
cf-cache-status: HIT
age: 599313
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jv01Xw%2BA5DbSB582zfWJakgcePY7ODHHGFktac3GjK%2BOz3Uh2CAp4VxsB6yIvKc6vONXFaMUZQFWPt2hRymElGxaMZw2%2Bez44lItanE7x%2BLq49Qg2qj%2FxvUPt%2BkzqLK8agWKnyHelrk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15161be156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@png | 172.67.181.254 | 200 OK | 242 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 242 kB (242119 bytes) Hash 9a52fe2c84058ce55e66960b1b641210 9430db2ba2a5bcac4397433b7371d30efd5029b0 95b103953be7e6c849ccd6e56666def2140d2fea620e13102d2a570ad679e56f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 242119
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1ZmQ1ZTBlLTRmM2ViIg"
expires: Tue, 23 Apr 2024 09:47:49 GMT
x-request-id: kxi-7GrQWYISexPKCkuGG
cf-cache-status: HIT
age: 156416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h3uZI4yq5voBdn88mtizHdD6v7hfyjuFvb22if9r39aDCLjWaU1q49RLOKsUSm%2FlGogYLGneb%2BkJwkIqfjZiRRfYE%2F5ny8URs%2FXYTRydbxVMh0XTQUI6%2B7WQG%2Bkg1aZaxBsJ2y1yakM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15166c4756ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png | 172.67.181.254 | 200 OK | 151 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 300 x 225, 8-bit/color RGB, non-interlaced Size 151 kB (150697 bytes) Hash 911db65185943a50059067d28aae8807 5a581a20c7c48303c5a002a3dac96e1fa2857d7d 1e6a1037dc57e2bac13b4ac5d506bf68ea411018fd4a4af388a3827532708c75
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 150697
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MTJlYmFlLTMwYjZmIg"
expires: Tue, 23 Apr 2024 09:14:11 GMT
x-request-id: IWZ8Lvmy2Il8lpk-soOZZ
cf-cache-status: HIT
age: 156416
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27hIc%2B1UNCc8%2B50mYBHDbb7ki1t88llgz0qLbhhx7862aRCyR%2Bdue9ScaPqZyhvscNZhxK5rKYx3PbuU92tpAc29bW3SC7YycsUrEGxJbaRZKryWh7IIzyXWDu0Rg6Yn0xMyS5d9%2Bl0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15166c4c56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png | 172.67.181.254 | 200 OK | 220 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 220 kB (220360 bytes) Hash 0eb4b1605ebc6d7bb0029dd7413a5d5d ec1cbae4e12cfb09de874350dd391c8fd55732fd ca16b26aad9a2facca42df47d7e9e2971ee3920ef264698c690d4898199b1855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 220360
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MWNlZTJkLTZiYjFhIg"
expires: Tue, 30 Apr 2024 01:11:55 GMT
x-request-id: FGJ8883WHoXTjDITcBY0F
cf-cache-status: HIT
age: 200278
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xE0aVfbxdZXTIaCc0UAy5aFsWZLQd5kJ1M0%2F1IKclbMMdXOlSJDC12MQAW6AhDXbgokNES1eZmqzyBmLKcp03XnIvi2IMv3AR5cSlKp8wApVJjkeQu8tFmspchDt%2B0jbAq9RElwAHIA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15167c4e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@png | 172.67.181.254 | 200 OK | 236 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGB, non-interlaced Size 236 kB (236159 bytes) Hash 15e20af718c969ee5c71d6750840550c eae41711101bdd876ce5196f920b78fcc3f619ae 32b32d483c2367f989e90404946717c45101e21cfa9b2f4a4fa21cb88d87927b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 236159
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6bce22c-f7ed-4ce4-9414-3a9c284f6175.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MGE2MTVkLTRkNDcyIg"
expires: Thu, 25 Apr 2024 10:21:21 GMT
x-request-id: DIEeJVa9SumRVdwfljuv2
cf-cache-status: HIT
age: 599312
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4NgnidWo2nL8ep%2FTvevWp%2FW06uihu3asXkgb0Caf9RRb4%2FPWnDCi5zutYYoZhVjiRG4GiGThNOXTS1Gv1WJCBaxNPUQhScqUmX1sNk7Kaeb1nwlpZb8TH7fxLRWeJCUXLkhhMfFXJE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15167c5156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png | 172.67.181.254 | 200 OK | 124 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 300 x 225, 8-bit/color RGB, non-interlaced Size 124 kB (123495 bytes) Hash 6dcb9803a52ca57b6f86ecb3e25eb3b4 2e05832ad846d724cef35fa09ebb9eff11d41246 810a169ca3da7734cfdb6a78ce5029cfde22eeaa4879d32ad772b11e36bed80d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 123495
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0ZTM1M2QzLTJjM2QyIg"
expires: Thu, 25 Apr 2024 10:14:24 GMT
x-request-id: iaaWP0hSiODzAhgjdf2RO
cf-cache-status: HIT
age: 599729
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ePu67%2B1nJVFNuqNZC6l5nOXwJnPKLthIWV7eX6KhCwOxLaWKwZaxx3a5GRWpF%2BK5p2ogYhtXyvm4N8JI1IoWnDkO5qhuZUNFZeKvTHn5KlZtFu%2FjJS4JAeqCQ0yxirREmaq3I3ojNd4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15169c7156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/14681.3d5bceb66.js | 154.197.121.128 | 200 OK | 257 kB |
URL GET HTTP/2 1win-cdn.com/js/14681.3d5bceb66.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type gzip compressed data, from Unix Size 257 kB (257073 bytes) Hash d2473d00c37b00f0c16c35703be3df97 6f6401fed046286b151f160fdcd10ebb0cdb796d 77f8ba37b13203118aa5a427e9c032d8ccc32cb05f51850ba5cde6980e6e0708
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/14681.3d5bceb66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-24d"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1241751
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1514da9bb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png | 172.67.181.254 | 200 OK | 222 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 419 x 314, 8-bit/color RGBA, non-interlaced Size 222 kB (221985 bytes) Hash e445a7a7e32feb228ba18d8c14e15a2a ab9a44ad40aeff2d93a4bc980a9b85402ea20c06 84d7cb1d330cc4e84a43b9079a512561f59ef855f462015851c099c9d6d6ae23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 221985
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1NmY0YzBmLTViZWY2Ig"
expires: Tue, 23 Apr 2024 09:48:03 GMT
x-request-id: MRMH1yaMNOsnPLZRoFqEn
cf-cache-status: HIT
age: 53890
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lDaX8HaT8ooXZRZnBU5XJaBisUtce0Uat4SOgz3wquHmtG6slOH9%2BoUjwkxW8yIICDJ%2FDJAqoQNts3fGVy%2BrDbfLXxvS1Cs3scAAP%2BgHIbhT9wrluHZ9aGbg%2F8AJzUBnMeHD%2F5R8%2BNw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15176d7956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 172.67.181.254 | 200 OK | 7.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
expires: Mon, 29 Apr 2024 18:57:37 GMT
x-request-id: kRpnqKOPXudhGZD4vHPWX
cf-cache-status: HIT
age: 222737
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRLHSHjTcD9FZLxG3EJ7ecy8EoMnochA9qfmtjskKf5TdxymlOnhKGdnxEyU6Ko7KGc8GBfJOdnwMZ0Z7aniUiFdcZ%2BCLMlCUqQG8PSlmYh4CqQAJIh029qPYNrXxvOUYD0%2F0Zfs%2BNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15189efb56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 172.67.181.254 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
expires: Mon, 29 Apr 2024 11:00:27 GMT
x-request-id: wLC7bWAi7BoajwYRueYxn
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mUU0ywpYqazDDQOVQo9VtQLB1lPw%2FOv8vIIuqeEtlpLgHz%2FnDdk26ejNfOiWDO%2BCr2m2Fz%2BuTDYfISAjJpygqXmGkqOlIqWmlE0x%2BEQn9Mnd5xtkgHPJ3xi%2F2L77gsZZ0%2Bx6gn5%2BRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518af0256ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 172.67.181.254 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
expires: Mon, 29 Apr 2024 11:00:28 GMT
x-request-id: wdVogJG6lGKG5dXt_-vLW
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XNCdVq7liZk%2BEN8tMblvGOTJYkQ%2F6QvpNWU82OsS9F8ifdGyuhDzv9teRMbIbRcYV5LCcbB4xjV869BX3oZ4%2BG7yHH%2B%2F3IzQ7QhTQZmNySEGHqJzwL8u%2F4VNzTbxZhcxTcYUXYXACx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518bf2456ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/70244.c404f84dd.css | 154.197.121.128 | 200 OK | 20 kB |
URL: GET HTTP/2 1win-cdn.com/css/70244.c404f84dd.css
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: af22d7d80e3dcbd7a42b339550d8fdd4 78ffc5294028fdc17a316ebf746e504e1e777d5c 5c2b4779c7e8e90a5403f66c7bcf2c823b7038bb4b2b75af808751eae8cfc0da
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/70244.c404f84dd.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 14:14:56 GMT
etag: W/"66212ae0-6edc"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 582177
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511fff9b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif | 172.67.181.254 | 200 OK | 8.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: aaef155f89410ff2275a6c3602b9ab23 4ab672c0f009b1222e5ff53a2118256502d7f432 13e111aa3ac846bfe4f9a4354c58d2166676b0f4c5f46e7b789db866a4772f5b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8780
cache-control: public, max-age=31536000
content-disposition: inline; filename="43097ed5-2830-494a-b011-fe3f59895a87.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0OWU5Nzc1LTMxOTNlIg"
expires: Mon, 29 Apr 2024 11:00:27 GMT
x-request-id: kixacmKlp8egspE-9OWEd
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lf6mtNi%2Bvl1MWPbID%2BU98D6xwTTrdIIIhFG5EI4wBhqAH%2F8HlaoA7nn5VPkjPSqoSt9UiYvNwK9prpAGXWctgzdO2Qw4Yrtt3zC0YIywH6YIMKomW8Xw6%2FAdy0xF6EyoYNMs2H%2BG2Cs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ef6c56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif | 172.67.181.254 | 200 OK | 7.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 69e833418f266350c9733c499c60719d a32e6447c9fad953e53c6ecbafb842d6808a3a3a 089d20430d098cd7159674f9a6e712b1be0d02edf74da7f9b74108688bf85837
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7585
cache-control: public, max-age=31536000
content-disposition: inline; filename="3a74cb93-c140-47e2-b2a7-6c79fe6141a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NjVkMmJmLTJkMWQxIg"
expires: Mon, 29 Apr 2024 11:00:27 GMT
x-request-id: 5yS1KuZAZa2FvNUZgb0a_
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4hMh%2FKlQ2WajV0G%2BOqn4gqw1tLjWf0c%2FOZve3A9lNriQnMOXV0VKxmDLLjP6asyPr4or7wdUsfnDKbh%2FqZAg8zxHJtJV0N42tliesR%2BuXh3uIRSBfpodRAmlAP922rkR6%2FqftJFRvXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ef7156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif | 172.67.181.254 | 200 OK | 3.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: b84b8eee62be54ca3943144aff77f777 21301288f3a804d07b877766a6525b46581bfb27 6f57255cb5f92f68022061354e308f3e73e69852035f41591d51f29e70146e86
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 2996
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_f62e3a405aef5f1d40fc145c65eaf21c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYxM2EyNThlLTEzMTYi"
expires: Thu, 25 Apr 2024 09:25:34 GMT
x-request-id: qsdOHGaEnnLxSPfvTOaD0
cf-cache-status: HIT
age: 602660
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UIR8palh%2FDKRohtalu5FPhKWwo8LEPC%2F79QfpB6r9gWvG7%2FI9rRj7sD%2FQz6Q3opla9cebmnfR0hKkbwDHI%2BQiROTlQAFJF8a%2BUPgXNtg%2B8zaz9Gn4saXi0b%2BThoCasBmUsE0LgdCWlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ff7b56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif | 172.67.181.254 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 5a3ba0dae96f50ad592fd6eb8dd93fee c4e9678f3997e55855e24e41a7e6086276830275 8a5bd44f9e77f472f75fa8d3c5e7d6e790ada844a06c6c16ab8181436b0452d3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8300
cache-control: public, max-age=31536000
content-disposition: inline; filename="f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5N2I1LTNiNjcxIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: rdy8DScnH1oXzWTmibCXf
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snGBW9J1gpJdq%2FpUxeQGIegfqZ72qFuGZXri9NcsM6dZIWm%2FDcyt9wsK8NfQiNq2xrDX04rkGhUM5AgjpwiF8tFB4BH5SrBSZH79mfCRH4A2vhFwqG7luvOnDfyTpytajdcQcJOzyCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ff7e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif | 172.67.181.254 | 200 OK | 6.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 82df8b1a95cb8818dd1583ad7af183ac 565eff4d65902dc985ae3eae8de2861cf7a2bd42 464cd4b7e6112e8c8f0130974a91f0a3c6c914ff042159348553397a3fbdb597
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 6260
cache-control: public, max-age=31536000
content-disposition: inline; filename="046c1ad8-2d45-45d3-b7ca-e339ffc44393.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NDRmZWJjLTRhN2VjIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: G5ykrltwcwWGDizozfpyy
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnRyS4fpkdaU%2FWTf6JhY13Klhe%2FNrL0vgxiZb1B1P%2FLBP0eHcFav8gHoVX95f3Eq5JAhyvO9qL4UMLGgy5k%2B1Rg2PN9AlWf17GlYsUztLc2EppMHD5nYNt9Pk9p5FPnzgLSxsWkaP3g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15190f8756ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 8.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/amatic.1ad22f1f0.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 905f932468ffdbccf23800658056fd9f 30b2ea1cacd8f1b7935639381bd4a06d47ea7984 7a13bd304d2ed59fa776442826efa32d40836f55fe83c22c555814136d597f87
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15181e43b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 2f61dc60ff22cc6a92ce13023b1b78ac d705078365a711fccde66b7d366bba33f4e06a76 ca8edbab4f1df005efce51730ecea9cdfca814a7050bd8e9a11e3587ce4ef316
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1517fe27b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif | 172.67.181.254 | 200 OK | 9.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 23d27fbc486c8af1aecccb6a643301ca cab294760cd7325c9584ea19f2b2aa5392c303c9 af77512a4eefe1f96acec3ba446760d0d09941bb4ce516051e3dc2a397cb8424
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 9420
cache-control: public, max-age=31536000
content-disposition: inline; filename="e44a0723-8123-49b7-a817-b5e81c10ba6a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGI0OGVkLTUyMGE4Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: 07yCXG5FdVInXKbkV7F7k
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0%2F5IDylpP2Oaoac389OzkffRUTRUkwbauJfaztALqW5hWjF1m9gz7aP3lsf97h9p0dEF%2BPHuXVneER6xFMRNusRYJDeFWl4B0HK%2FaKiYv55pS0wd1qAQJUNgxdDmRkpLiX%2FMZsCP6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15191f9c56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 9.2 kB |
URL: GET HTTP/2 1win-cdn.com/js/31310.c605a9b9f.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix
Hash: 3e286f2f94d683d42234282732b3f11a f2fb9aa381b51c2b99f382b9b664f62a2a46db83 2e78d01705bb1ba1982dc58cc90d6e07bdc5e72bdf465010b96c0d5468ad6dbf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1512c8e7b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif | 172.67.181.254 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: dd6365a511a38b20b83426422943720b 3ba2b5ca7d7262218c495320d68930af138c2caa 8bf0df78ffb495b9bc8efbda27bed7cfa70cd1d84d3d47e693487d1fdf598bc6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 6714
cache-control: public, max-age=31536000
content-disposition: inline; filename="6a36f17d-bda4-4022-af1d-ba9749b4370d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZjA1MzQwLTFjYmRkIg"
expires: Thu, 25 Apr 2024 10:40:53 GMT
x-request-id: _8z3qztdvi0d4gU8H0ZEI
cf-cache-status: HIT
age: 598141
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZenXliJQJL6macbb8iPn%2BIiz8MvRQI2OdzoIrVwEX4irK9dq%2FJcIOArZYRZE8LFPga7Pfa%2BQpS5vtgyPkiUHBPH8ETJQ2CWWETrH1zRoJzGIsNFrbDA8SDgRcTyAdTP7V5vMioLqw%2B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fb456ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix; Hash: 8d5baa4293285f747b561ad15d83ca8c 0521476f21e8fb35efbc859febddf7760db673a9 1281b06afe6e65959c4a2d2d5500f2301541abbb0fc1021f6f2b62db717de153
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"6e67-dvUU6zfFluQCSkLQZqalGX7OhnQ"
vary: Origin
expires: Thu, 25 Apr 2024 08:49:53 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=VpyBbYWZbExtu1o3BHL1B3MpgNf2DcuSTXpA3hG_Hq8-1714034993-1.0.1.1-OzJSN0QHoqtdQlzlOV0.WzRq_8Qy6XTtl.vShK.8gBYH4mOuJeN51x2.DkXkKxXmxKbi942CJmf_CU7JibheaQ; path=/; expires=Thu, 25-Apr-24 09:19:53 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 879d1513aae0b4fa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif | 172.67.181.254 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 1c15fa01c476447093bb27eab0e35536 32855e3ccc396e96c2debadcc982396fd054ac0e caab2ace656ea67b0e0ce586517c3f82cabc50927d6d154b008cf6219a67f4ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8202
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyNjZhYzc4LWFlNjMi"
expires: Thu, 25 Apr 2024 10:40:53 GMT
x-request-id: P1yh8qqLat0wFmIe1hwc_
cf-cache-status: HIT
age: 598141
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzBwEUKH%2Fow%2Fvee0juUV8WdcVLxI%2BALk02utHxnl%2BGj1ey38Ilv82cWETIJAisPR1mgjExRs52rLbBEKcVzK22dXmwVRmogUWbOCY39ovuw44NGi0FDvJgCQJEd8Qc8Mp49BX%2BzYmvU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15191fa056ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 59dc0c8364af19cbd9df286058166da0 6f22523fccc24ee83f3550fb44793ceb5d63f2d1 19a74f92ccef157bba0aa43a0bdff5acf8b03c65924edca4c1676b80ab7dbb5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7728
cache-control: public, max-age=31536000
content-disposition: inline; filename="b66d7a82-7e0e-4461-815f-03c4e37367bc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1OTdmMTNkLTVjMzk3Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: G6u-Dmo4TL_il64VhV7jw
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEHLufuNTdyzWQaBcm3r6u3JCc9KOQGzhlT9L4Pnq1ZGeebovXxMRAU6J8fGPBqylCMmSRSM5gTPplLEFIqeJWPNChtWcNEdfmEbFvUlHDdq5dnuqmw47Z9BDckwRTrIUSOO8mHfY0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fbe56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif | 172.67.181.254 | 200 OK | 7.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: c8ebe3b26cc5a8d527f6e58ad7838b6c ede563719eaf4ec059895d4c8990c056b454ffdf 6520662873d7e8737cbf258e9c064b97b7580db5043f8d73316a499995e5a12c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7885
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjBkMjliLTFkZTdjIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: t0Z3YuS7kPEGAOtc7wIFv
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N8CPxlXwI3bHyWNveONOYZM3KsDq61i9M9iq%2FT3QtWFHwviNelvYiMKU60bk3%2FlXqNcT48BUaEURptJv9J1xlfQVxQo5TgLTf4UjysbgShS5cKp%2FDQB3Yk6jq3IGgWgYxk%2FfAE5PXlk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fc656ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 8d5a5983bddda8e2cb584a761eb7190e 34171fd6ca23b5e00cbef69371cb0f4b321c8a16 647a3351196579eade487fd8be23ac3c4bbbfa6166a54ad800fc455859667682
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="aac4d623-5134-4bf1-9cb3-49c6a8128b9b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODJmMDE3LTFlMzU4Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: Ny1UW9vKlRBhzeQ3ofaPh
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R5rvMRhZv3vCz%2FZnIyhhCaaSGHPDbozTdmmN9nt8%2BLCCLToMeIBGZj1eVEVTRLZ9g0J7iNNCr9dLWnn4WgoxnTBOGWgZIqW3DzmJ9Eb0gOCHF8P3n2LyX55HzAQJsbbP1rRLkPValFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fc956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif | 172.67.181.254 | 200 OK | 7.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 921bdde4dd01cfb3626ecc0026e9d8b1 ae8eb4b04b71d0c65065f98885e3af5523694902 eedfdb25ba59a7914b923b0c509aa53faa03ca3302293bd3d9f3b64fa794a99d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7917
cache-control: public, max-age=31536000
content-disposition: inline; filename="6d5adbef-0809-492a-9bac-2a122d002b61.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODQ1ZGQ1LTMzMmE4Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: SDr5m0fN5iXg8ZgL6_wqL
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OytD5VJ21lb4u6L6JZutQKuP85Kx5DQjPukiiB%2BKp6j36AVjLu8fOg4Dv7e6GuVkYY6DKFKquhtLaeSk1J2c3HKmtRj7yG%2BoSCRY8Z11Uyx2xP471zoCNAgFMX6AD2jr%2FySABThdX9Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fcc56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif | 172.67.181.254 | 200 OK | 9.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: dbbfd0e60e264a9de69a94942dcf0daa b71f91f5b2859f8ff0867e7fade0870f928e6cc8 520d8b3fb7a2056495d2504ad9ee2f3f29e142abb6ed7af0a858603ddfbefe25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 9026
cache-control: public, max-age=31536000
content-disposition: inline; filename="dbc5db56-b061-4362-ae84-ed051b568d0b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YmI1ZGRhLTUwMTFmIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: uN2cfUUdVkx-ZWRmg7MOE
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22LiBxty22gcKmoHq91lAUcvrEJ%2BrsN4tYwlJ4aPoR39oXnDb7wW2AJhvLXHfYsnKaX9JJX4nfkDV8LQcRbhRZlhnd14PpLC2fCmcnPvUrEzxgOAzTFMGRPI5NKQB7E0IjX3Lc4%2BefI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fc356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif | 172.67.181.254 | 200 OK | 7.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: dc9dd1a97ca5a0f20ee954665553580c 945be6ae016cd9d5036a2eb09f01d82c93314120 727a0e6c04b446aa45225d9eef1c9142af6b477c4e10ff67d2f2cfbdb588ebf4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7024
cache-control: public, max-age=31536000
content-disposition: inline; filename="5771c41a-5bb6-4ced-8f5d-a93b7be3163b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGI3YzExLTIwOWU3Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: qza1fB5ysXAPDc3xRTZcY
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wy8bufYDXARDQyrTGR0D7zoB3N4jJC3VBrkXJjp3dZV1VsAHYe4d4ofcATLCS73g8cad%2F5c7PE1LbtFhnhU1COUGjslbbkTtS4jEICkQWE3NZZkoRPEUCj6xaIdHlHgd2yI5o3nWoHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fe056ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 172.67.181.254 | 200 OK | 3.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: b521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: Goy8-Em1cQcV1fizJGBVC
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MPJ%2FLLbeGFCHRSb6dAyN8BTO0hU2L5bdIcimEGrGccix4o1sPxTJUFFNU3O3wk7LI5GiNrgeaCFsmU8zdUiXPhMDVl4SDImhLhdZuueZk%2BFhT%2Bll1BEO0L5rI8XWRGtuW4%2Bkq6Lq81w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fd956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/js/28852.501b5fba6.js; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix; Hash: bf30b8146c05933a151ecd8b081b4165 4c53916b771c361649b07f5133cbfb6249b4c13f fa2eaa567c5cc97b9755e5f5e5a7b19112bc1693db8f0d2fa0e2ea8ea5523564
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1512889cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 10 kB |
URL: GET HTTP/2 1win-cdn.com/img/spinomenal.e0cf93b3a.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix; Hash: 43fc4a0126043cf57ce53b73c9f07a32 4206d0f42a74811f3ef3a25701ffbe2c22773277 fb5e5871879458f9ce888fb2b4259a886c13b6d89fa077f42e51a523a48eeb23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515bb6eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif | 172.67.181.254 | 200 OK | 6.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: a8d37c60cb1b69c54ad71d70fdff5893 5c03da11ea4ee0eedd24726c56c88ec3687d42bb 6ae485f43dd6e9576e1da2b2130261fc31173fcca772711bf4bdc23f64403bb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 6774
cache-control: public, max-age=31536000
content-disposition: inline; filename="62330210-340e-4ed3-aca6-640fe741a193.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MjZiYmYzLTE5MDBhIg"
expires: Mon, 29 Apr 2024 11:00:28 GMT
x-request-id: STYdkaLyWr7tkWJnWG-5Y
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljD9q%2By8lZHIFaDwS9gqsiPLp64TSmb0QRuq%2BNzVCxDRL60bqUEteNgpgJ%2FDjk65zLFia%2FZE3P1kraGeg9MYoOlXEfLUYp8zrh0fyaiVm5wPJ%2F22SAs5MzodFNMfVsCzL5D6YExCJK4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fdc56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif | 172.67.181.254 | 200 OK | 8.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 717b797e017da14d3a011e7c1ff14be7 e38b4a56787649a0c71a33746fb967daad623f33 e0fc8ebc776ae489f111b3248efe221aec36124ee31abf94db8dc544e3dd372b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8895
cache-control: public, max-age=31536000
content-disposition: inline; filename="726a5af4-eb51-4dea-bdb3-0c15a08bda37.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0YTY5MTc0LTE1MGFjIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: qgfB9WV3yRTlynA0Ti4dI
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E7CTOvW47hc3Gr4MJJ2UvAOufF0A%2B6NK1AcEV%2FDBRXqI4LkhxRYstSgbjL1pvT1krOvRNX92jv30h%2BWATUz119gjj2sKckH59OK2p%2FJwNLigNGD6zDVyhahcxdBXnAfiqQ843mDuWiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fe556ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif | 172.67.181.254 | 200 OK | 5.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif; IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: cce0ec99160820b86c077a88187fa91f 12108bdd77b8c9f8e08c7bf4cf3ef8157ffc5d11 ad053a9ca2b8b80ef433770219991084f8ed9864709141820f6c787c5b0eee25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5009
cache-control: public, max-age=31536000
content-disposition: inline; filename="053b99a1-01ea-4804-a7c9-73b576014d8d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTRiN2UzLTczOTk1Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: 1ysPCtt6VsQ_Jgs6b2uu7
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AnKqFBX3jKwCugG69S0iNgcbrKR2RHLAsu9MrK3dfYwHncdycxhICmYj1mVeV7DuupyuhW9EU%2BJVsqhDoxXCAIS8F35KKiU5H5wDDGwn8bbF17hk%2BbZbj%2F3gIW3Q1rlt%2B2%2FsmG4cFkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15194fe856ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif | 172.67.181.254 | 200 OK | 7.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 1136ff6e8be98efd8093d5f9e71d9e8f e0d7dbc0b88a68054f53c9f30d9655f4645c230d ad403972bec7983706da78ec7ef60e587a536c13881c8f5442510cb917c9bf10
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7011
cache-control: public, max-age=31536000
content-disposition: inline; filename="9ea6777e-3796-45f5-bd3d-2bfdfa8686df.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZjcyOTE2LTRiMGQ0Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: 8QueHvu8ZaLxLmkGt3m4a
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kp5IrNzpZuXYXt23h1A9XQ7cRJ8KxuyMoKQDY%2FHrM01c5KWwRBryDAVPsof%2Bz7fj25jlP9cXu%2FAaRYMoSkshcWNVlvyHqo9ilQKixxKuHsyrVP8T0ikAzAOWBWxOQ1I%2ByflhbdCRkwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15194ff356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif | 172.67.181.254 | 200 OK | 8.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: cebc85480bbad513494cd33e7f631c54 c9eb1638c917111370d3a6f34fffe3c044cd93ba 9e9294be36b0de37fe3747da3b0e8c1c3416c04dba0ee6ed2609f91437f0692d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8884
cache-control: public, max-age=31536000
content-disposition: inline; filename="191d39df-ec9d-4ea9-8900-dc97c6fc815f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1Nzk4ZWM0LTFlNmJlIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: NoJjLpOJJNfV-YwLuOGhh
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krTYfPO%2B%2BYTMgfrpEi9qdyiFCB70aT8K4bsSUbSCviw0c69Mf4VP9Yg3%2BiBcytjRbzOv0AM9zm8T5r1g7sqHM6BaIaqeHDgbdjbb0DCxsp8XkaJoqJFzYxffK5fcQoipbuYRoCHLLLo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15194ff656ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e6ed2350-c4b2-4381-a2ac-4afd2f3ee629.png@avif | 172.67.181.254 | 200 OK | 5.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e6ed2350-c4b2-4381-a2ac-4afd2f3ee629.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 903334cff0f79689502c412407e705ad 8f19638c502193eba0dfe677a023bd19187d5fdd 6431f7869f2cb04d11e7870cdfc4fc19a82e2e7a2f4c5c9f6df070b524479f2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e6ed2350-c4b2-4381-a2ac-4afd2f3ee629.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5732
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6ed2350-c4b2-4381-a2ac-4afd2f3ee629.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NjVkMzBkLTczYjc0Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: 5OUhewBQEiXtFnXhrbzEQ
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCAYxyqb28pMQvIV1IgxHr3%2Br4TQzxnCeV2FKgOzinpytwfWWJTb%2BO3E2Z0Xs%2BHUQC%2BkNrih8LlRavaTugprMQ0Xi4GKxTndyy8kGSRsJhZ1sVL8c250VOdabwviAUfSNp45E9D7u%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15195ffa56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/ffad4374-cb1d-43b4-adc8-f99b9c98fcaf.png@avif | 172.67.181.254 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/ffad4374-cb1d-43b4-adc8-f99b9c98fcaf.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 965fa2bc5e6e2e060025ed775f9f03c8 dcdc051c23a3e9a5bce754478c141b6e85bf8540 303a7afa1aa17a42288ecc54dd0af1611d787fa37d46126e99cea6b3d9c04d31
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/ffad4374-cb1d-43b4-adc8-f99b9c98fcaf.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8191
cache-control: public, max-age=31536000
content-disposition: inline; filename="ffad4374-cb1d-43b4-adc8-f99b9c98fcaf.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1N2MyYzhkLTQ2MGFjIg"
expires: Tue, 30 Apr 2024 10:26:57 GMT
x-request-id: ACGPA_1B5TZU5aWG0ygb1
cf-cache-status: HIT
age: 166977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVz88dF9tPwACVnRwOjgmtPkDskWJxIPJUQaUo8c6JzqYTEXD2m93Ios8JitLkDMhOtyIG%2Bn0R08%2BXGVvWdQXHezkCsnQeXAZhXF9%2BdFT457%2FCIF4RP3rg0G6g70pJV6Uyg3iRfF5A8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15195ff956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0259d80-3efc-4984-a940-cb2699cf0f7b.png@avif | 172.67.181.254 | 200 OK | 5.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0259d80-3efc-4984-a940-cb2699cf0f7b.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 534975188fa623c1ee7d3253cd094663 c0ad70351d3513dfbe2e4c9a2498235305236019 b3ddd7d9390594a66fd092d8c88a66c9f9d6d37896a48b528fdf31311648b98a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0259d80-3efc-4984-a940-cb2699cf0f7b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5226
cache-control: public, max-age=31536000
content-disposition: inline; filename="e0259d80-3efc-4984-a940-cb2699cf0f7b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NjlmNWVmLTNiOWY0Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: cTT0yMU_REadyRpiu_KGN
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fLtGH%2BFYySb8jIDyiVnG5Z7XF3pGXYmuy1eirBI%2F7lgWr67aavw6X3FevbOVm0tSosyzkH4sp65CFjfCmPw52q%2FpLRYgHgoxhbHwB2z44SlCjBrSATGVo%2BocM3evIlljFr5GOL3AvKk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519580156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a7392f3-3602-4c01-8639-cdefc6a96bd6.jpg@avif | 172.67.181.254 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a7392f3-3602-4c01-8639-cdefc6a96bd6.jpg@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 122b27c0b5262a36412f93dbb00b0de5 d87ba70d7ba7edf47890d0d297201efe86b32560 80830d38df9a5b1f2e3e7d68158e74da75fc218975d858bd5b81b96f990b1482
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a7392f3-3602-4c01-8639-cdefc6a96bd6.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5866
cache-control: public, max-age=31536000
content-disposition: inline; filename="1a7392f3-3602-4c01-8639-cdefc6a96bd6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MjZiNWMwLTIxNDYxIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: SsKS4tM7r846gvp-CdTKv
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7EIRTDdPOXGcPgsoes5bfEd1h5n0knF2pp2e91un7y3yijL71Gi8bjvjYvYYbnqLsO5FM1G7uPZgcFyBM6ThLALq5gwPXKMyafbR2ZsRDKUsk2qpNOlyeTR1Rji9XL5UVyVyYwRuk4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519681756ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/8f42eed8-7759-4107-bc42-6f6e8aaf620f.png@avif | 172.67.181.254 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/8f42eed8-7759-4107-bc42-6f6e8aaf620f.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 5dffc23dda7a0ac7282470d502a4ec21 f5c8199d10009251822a1a746adf97683e1ce88a 27685c219a84d8a82b163f213f4ae984e1b61f1464d2c13c0fbdb274ad702134
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/8f42eed8-7759-4107-bc42-6f6e8aaf620f.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7822
cache-control: public, max-age=31536000
content-disposition: inline; filename="8f42eed8-7759-4107-bc42-6f6e8aaf620f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzZjM1MTMwLTRkY2U0Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: iIGoay181IchYO7HeYkth
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLDkxES1tKfi8wOXBt7%2F9MXCa0Wf72iYlDlxvPz5pA%2Bnkf8o63L8j4IUD%2BRL6oMTLHA2BE0m62YmIwPiXCGCdjdR%2F0E39LvWJceC5dVNVERLffYA8UyF9I%2BOgCxwAvxfM1nv2%2FGXjyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519681856ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 7.6 kB |
URL: GET HTTP/2 1win-cdn.com/js/57460.093f52cba.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: e81eff81d9285a20d028caeb5202f184 7d7b73c91820c416f11b256aaed1819b96c02741 0f40710647220c406d0fb8d8320624382eca7ad5d60ae369146c45e15ea012ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826018
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15161bddb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a96daefa-98c9-480f-b73c-cb1df79aaf04.png@avif | 172.67.181.254 | 200 OK | 5.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a96daefa-98c9-480f-b73c-cb1df79aaf04.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 0425d7b51bb20a04c58cd636fc771149 2ae2d218e75c0bfd63129a956b058adb7419db27 2860051b96522c23cc7d6cbb668b3a95246ed4d2124612ba4fe92dcb00aea267
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a96daefa-98c9-480f-b73c-cb1df79aaf04.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5632
cache-control: public, max-age=31536000
content-disposition: inline; filename="a96daefa-98c9-480f-b73c-cb1df79aaf04.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MjZiMTU3LTcxMDQ3Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: IFL8wnXrFM__MsFeQSdWB
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2LONwh2kIHj6eQgpy9DStaJs96FqExtZvAvTfSodXKxz39mAJSGCpxf%2Fc%2BUcaPwiqupMg60t5xT6IAEgXQpbTl%2FcytiPxPoUXrEK%2BIdmr9Gb7njPz1pFqpZ%2Bh5JUJEGfj%2ByoA%2FjX2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519580b56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/hacksaw.5f0e80ecd.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: 245dfed665e5165d7b360d4dfbb30581 d2fcf24e08cbc152777f17035bc6f5151e5f7e87 dc224fa3be2459e3223a5c2509aaf29d5bb39df6fd36a79152713c715e97def5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1517cdedb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif | 172.67.181.254 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 7279b460c2c3e6897dd82c41cfffd757 85daacf8f09fadca09c4d8ba11ab198978f2192f 70375edd591015991ebab6f221adfb5f6ca4a8a9814a56f52d339ba6fd991b9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 5888
cache-control: public, max-age=31536000
content-disposition: inline; filename="3570f391-99ef-4e57-9ae5-c12a42b6e98e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDk5YjU0LTQ2YWExIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: -QGkhguJ1c43_hJ04T3hV
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dP7KNsdttM2rCkkME6W0KlJrmDvA4ILbb4rK2Wkmt6p4kdJCzwQMDQ%2FSuvkJshHPJaoE5oeBrJ543Lylof3Iu0uUiegcomQNVPhaBfB%2FvclMwXaggNVxB5daItS5IdKi6kNduAqjKlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518af0656ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 172.67.181.254 | 200 OK | 9.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 19ea6dc62a4b1d3b87a9940660698dd1 8c3052c6f52d60b40824437d282619e91034db7a 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: DSnRSuGxNXWGRKbRyfGob
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5J%2Fq4nzUmMmA3guQJMGp0H%2FsmHMPhH7wnambhy1ABwL3h9l2Dz8OfGX76mrrdqBVfj3qhNDIr2h5A%2FaqBOI5knTuUQCryM%2BvqkJPYNdFJifLJCcKgrUj5SJ1mE5BO8%2B80AP0h07ZXs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518bf1a56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: a301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: IBHqLuZM_TiUsggrj8i_P
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8Bp3Y6QeMje7iVd46loA2QRC%2BrK04gam%2FtYpV7BeQ7O250%2FkFeVD38kZaSqC6S4ZxoRwZfQjwdOb%2FDMgAGhB4Rm6mhhCsQGJBoIQ6D05j0dfkgsXxLG39RKgn8ku4FTq3oXVGTdARI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518af1356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif | 172.67.181.254 | 200 OK | 8.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 5c0f019b7d2474cb160b5fbedfecf4f2 7a746b5e34d2001898dd636bba1c30ebe531fdff 5619d0886bad7318d829374a6a01b4325c9d6262e6a26670ca413259ed6dce6e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8016
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6bce22c-f7ed-4ce4-9414-3a9c284f6175.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGE2MTVkLTRkNDcyIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: MYWC2Pm9gpQADGH4OeNaI
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ck5eJQQZdDiGCLvBLN4o%2FRHUk6l4cyWKSa8TAToaP7r5%2FCBfS%2BnsR741iA56vYlXVb7oOqnU1IHv3liL9hy7xHPWelerPkib%2FnbKZErn8ikz33hsFqdzURKdCWaaJ9fFDiXP3mXJVAQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518bf2856ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 2575d269a08f870a79f69eda71b93d5c 0423437f25eacb10ab31baa05a81f5fc8eb9496d 4768d4250c6b267c70448e8153b36a1d1e25f7c84d4544c27d13852422b51dd6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7678
cache-control: public, max-age=31536000
content-disposition: inline; filename="e616b239-a47e-43b9-a050-50c3662fbce4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjhlMTg3LTZkMmQyIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: uZ5AA9Vr_q8ke5ty_74l2
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4RABlXBzFMv%2BdbQfAQOeCHQJrHWd9VAaQ8yKr%2Fm0moLJ6curzphOcdzbso5ARbzRFCVJY7ZPzBVePCbpr%2F68OwRIN0M5quvyzzWVbSBg2HxtRtLyb53hMt9%2BzEdJf2uHh4Tha%2BzmPQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518df5a56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 172.67.181.254 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 9867f5ddac7eff5f2fd88dfdec8fd493 6ea9a242437fe23c61e09a00030ae3eee78d3cd1 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: 5VTNJ9Z4o3ig4Jxp6vwoI
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsXeHwNkkbCIkxUM1GT1taSP0hrWfwNPnE06NvH%2Boq1dpFM269fNE9iMWOnAXqEaGIveO5TzKC3p7B%2Bgx47h253nw0Wkuwg0k%2BpP4IJBkPx8j88pK47IjS%2FZ4nCGKTRJsDp9A9RydZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518df5d56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif | 172.67.181.254 | 200 OK | 8.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: c11c2d14d41a0b2a51d3f53a6da4c24e 45ce1e0bd439d9e86de2439208f4ae916a458edf 4dd61a323da69ec08bf6847c82a55afccc0a01586ef111c3f19b8c8a6e24bbe0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8463
cache-control: public, max-age=31536000
content-disposition: inline; filename="d0e532f1-4415-468d-aa3c-dbc88f46f22f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQxNGFiLTFmODcyIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: RJIyPBnOYHaf-dKyUe0Z0
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10iAbbkEKhUPaLe7HpFzPCct8CKX9zSeIWEM5qqop0JOl28bHSQondl11STb784dzLc2fHBJKbmIL56AfBzm4vV10hGlRAboLuIiM1Vnm7vg5G3uDCUKHMDs%2FVUjIXw375cRqUNTT8Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518cf3e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 8.0 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: 47c64641b370490a41f749b3454dca7f 007566278c3e2f45e8ff54b8081ff2f4ff2faf13 62caa6b3076021141d4f975d8edf4753e045c77355c659cbc4b5f69802203fa3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1798619
set-cookie: __cf_bm=fIjFzHF7HO52bB4qbWHWAHGvawvaRiqpF6ID5akxJRI-1714034992-1.0.1.1-tZPB8ow6bYOlriRvs4WDTC9miUF0x5NtMsWUz8Lh6i3C95QiY6VPXonhYynpaIBcc6p9Nbky3JD3x6Fsf_Fa.w; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5b0db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bgaming.ae3573ff9.svg | 154.197.121.128 | 200 OK | 9.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/bgaming.ae3573ff9.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: 02b4858488260e8dcb95cc81902a9f0a 37f5f68e55d152cf442052c45a95bb695f3bf1ef f1adc7ea882fa664a5ad49c1e9f4be636000767b3c70ca54ea4ccc74d79246b2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15180e31b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif | 172.67.181.254 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 4d53131980714ca754de982bcbed231a 7469a00f40e7356610d061a590fcb5b47d2c73d4 2f6f837e2558e630ec4a0940b3233f01857d8bcbda500c259d387a1b83cafcf5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7722
cache-control: public, max-age=31536000
content-disposition: inline; filename="e778e77f-e65e-4551-a1b6-1e67aea3ff81.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0M2ZmMDk1LTQ5MTdlIg"
expires: Thu, 18 Apr 2024 08:28:21 GMT
x-request-id: UC_Vx7Yd7zYwr7k4m6Uml
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FPlFvoKOAm8h50jkP6iNgM1pmDmh08tN3DaDIRRwRf5O5BENCecTVCFVLfuUeV%2Bk2GEBgMavyn79R0eI6EC91sVBY9Ajw2U%2BfKCeLhdj%2F%2BIxFutZoYng%2FeuewmlMTOeizmESev%2BjCuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fe356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif | 172.67.181.254 | 200 OK | 4.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: db701571c4425d8274de1b27d7e6cb09 36d108c41cdc990ba72798d8dfffd6409665d960 e46f417166303199e2093a8f1a54d6a48196c846296d6fd2dd1cc89ee56f925a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 4856
cache-control: public, max-age=31536000
content-disposition: inline; filename="c57c414f-2dc6-4eee-872e-015548d9d27a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzZTYwYTBjLTc4ZjQ4Ig"
x-request-id: mUs58U3sys15n_Tbqadbr
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQQJNrbjg1SFUvWavQZGn5ef8KUxjHZSIr8k2xdxYeofUkZ58QixHFFT%2BJRcoeAy%2FdjO1nPrBbKEk6X7kbUZX01Q0qhzfZ0r4UHRa3CqKUwAsbS%2BkhqzJVcEY4%2BnP9cS%2FBjI2kgnyxk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15194ff056ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif | 172.67.181.254 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 1fb7b22dea4d87652fa4ac4287bf1fc5 8297697d23e2bb407e6a0e1670f2b9aebe0aafe6 28f0cd1eb976d9e92d9797ceda17dc7331f5c5ada0c0574ec0ea5425e0fe31fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8116
cache-control: public, max-age=31536000
content-disposition: inline; filename="54c53066-cb7d-4c67-9543-5c569e72da3a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NDdkYzQzLTFlZjgxIg"
x-request-id: eo3BFjknDInMLfcYMm_c-
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qB75MkbYVBDLiB7tlFezdccwNvwEpzuTQPseWFTWsyf11pt5fHvTz1qMmFXI7SNDQbLbYaHICxV62RWexC40Hv5TnhIWGaTChJb%2FtKeHc%2Bs3gnTVq120TYhL6ne%2FFrPsqwTO%2FCnxXas%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15192fbd56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 22 kB |
URL: GET HTTP/2 1win-cdn.com/img/fazi.19d7f4b72.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: e3e7a8e318b717112f04db51d982a928 8aa2cbcbaff0a1d80c18f6abe00eb2e334998b86 71a3adb9d0b3aca592427b6c0dad8c798260e32eb4c8af8a627d79adc161dc3a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a491cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 87 kB |
URL: GET HTTP/2 1win-cdn.com/img/nolimit%20city.5b7440267.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: c8d269757b8d7e16b0aa9da95a1785e3 57ddebbef509ba0470c7b5fb5bb2d03a56b9acb7 5b7d255926e43ba90d45414a1ce1152c7b1790cdd023135325c16459e1dcd413
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ab99cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 91 kB |
URL: GET HTTP/2 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: 51961e5f0f36068a9b87120887a9e856 6c32d62590af306d42dada32cbef07479cf806e0 1b42a5db15adbbdf1992ad1f0a6f32fe85829c53ba680ca7ff554905751750aa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ab999b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 75 kB |
URL: GET HTTP/2 1win-cdn.com/img/genii.367222bbe.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: b7cf867c740b14b6e5c5de6bdf98497a 2fd3024cbf483153c88e47748e16ad81b93e8568 4b3751b965af8b099ead1babc20d5956178f1ca8821ee2b332de04c9525661d3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a9979b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: 73d1395ba7c9e83e053609a1bc1f5c9b cab728685026cf8356e6d1f57d4edfd2ece8ec0e 5e44a5e388ced835d2b5b011adc4f888fb7bd7b286d594d9c456cfcf6455bc97
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198846b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apollo%20play.610da8846.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/apollo%20play.610da8846.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix | Hash: 6d8c72301fb9d7cf8faf61069114ea17 04890424bf933f7f34b4da92eeaab4271f5957f5 9069d2c2e4adf13316fc9c745b590e28cc0fe9bee10257522c2bf18697ff14d6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15197840b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 227 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20live.cb6749a25.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Size: 227 kB (226742 bytes) Hash: 2315a2e96ccd54eb1b1ac0d3b9d16de5 f2d08c437722cb9a75951cd79eb57292b0d1850d 30b42602fc33884dbc376e193ffd63f760c8752743e06f326225c630498cf027
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15196832b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/agt.893343a61.svg | 154.197.121.128 | 200 OK | 7.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/agt.893343a61.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: 68dca6d9320b81216e5f549aacfb1f84 5fed3649b83634e35fcebbfd8dd0047c550cad43 5d19441c30ac356d5510a488edb84dd969cae01911a2760b71b47056fa391edc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15197836b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/yggdrasil.a6bc350dc.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 3f81e1990f953503141f68ec529d53ae f165d18bd893cc53aee2b4d98f40728ed0deee63 821d6515ad76109df4f090b0b301e69b4943b4e73b272c1cda324ac049c007b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151beaa4b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/netent.95417a961.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: ef628cff99a215b727d9621d46309f3a 9c5f43095a1a96d6c315cc90aa054725ef98abb6 6f55e74df336e7acfd39979467d064a019a68c0093a36819c41e7de8a02fc2e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ab99bb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 1d7c6fb59a690d8f474b3016e0884f65 9ccb548deaf6eb408f23b1c2197faa3b95cf7047 582eaa076dd0569d645d983ec9536265d3170f97a691de817d067cebdf5b5b02
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a9971b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 8.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/onetouch.b026a50c5.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: 2fb011709d65f8aa9c30b2048d16eb59 c6bf3c93b339f1a78358285444e79266b04e03c2 cc5345bad49d8e0de5a9ca81a0ce987c19c22ea72aca9afeda99f1b010576ed7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ae9bab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 6.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/gamomat.593230062.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Hash: 4c11e855a78668f1d888b0e3a0a358f3 1cb6bcc38f12aaeeb68aee24117c4350f7a24492 5368d3c1a7ed5bc052d2f124d39a3d95207181af37fb2559723cb47da93ef0ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a9976b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png | 172.67.181.254 | 200 OK | 8.3 kB |
URL: GET HTTP/2 static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 1508 x 488, 8-bit colormap, non-interlaced Hash: b7de3691fd1c1a6d6b09078011ffea54 b779cc6b081d228b5982d908fa4121bf89564bcb 8727bf47f35343854ef0783ad29be93c5ee9a73df60956ed43e3c60164bea567
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:50:12 GMT
content-type: image/png
content-length: 8313
last-modified: Tue, 13 Feb 2024 22:31:22 GMT
etag: "65cbedba-2079"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnpMx1dT%2FfUILrlcJhixYy0ahrzb03BhysefCUYo0PGvEbhKC8xNm0IrKkP2sVz%2FYOpRtvzLldqZHai4Y9RTe3ZFEoEF0vV2UVZDMDnbjJS3AQxUwPDjJ0yTOOISRDym2ugcL2f3C0wauA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1589689e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 234 kB |
URL: GET HTTP/2 1win-cdn.com/img/cq9.5d5072e17.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: gzip compressed data, from Unix Size: 234 kB (233831 bytes) Hash: 817651bb77c6b813498be5abf9b9d11e 00355e5932b3982397e29fb63706711a559b5543 c47c509a8013ba256062242193169bce1ef5ba6e6d41e9cfc0646024c3b177ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519c89db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 841 B |
URL: GET HTTP/2 1win-cdn.com/img/thunderkick.6962312e1.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: ee06089b308c5065a8e92a32b7b38686 2e83ac75ceb109c245525a733cfb3efc97cc42bd 24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151bba84b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/pragmatic.2e7a96b71.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b29fdb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/revolver.25aaacada.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b5a23b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 200 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP: 142.250.74.168:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: *.google-analytics.com Fingerprint: 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB Validity: Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (1763) Size: 200 kB (199560 bytes) Hash: 9d8bbc11628492b2691c7fd10c5b4abd e281f9523f4b03939862d9eaae8014861c20a7ad 1c9135d11d8b010da1f5a77ae70ccdc6624863845d48efb3efff47d368ecfb96
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 08:49:54 GMT
expires: Thu, 25 Apr 2024 08:49:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 Apr 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72848
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: RIFF (little-endian) data, Web/P image Hash: 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/webp
content-length: 25292
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: "662a0fe8-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15159b54b524-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/js/48430.9af74daeb.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators Hash: 13ee598a8e47be5a3df2543dc3171f75 630992d944c63ecf139694eb2e3e5ac0047bd23d 602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128899b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/gameart.7beff0d18.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a6945b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wtsso.life/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL: GET HTTP/2 1wtsso.life/img/icons/favicon-16x16-darkmode.png IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Let's Encrypt Subject: 1wtsso.life Fingerprint: ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0 Validity: Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash: 55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716; visit_domain=1wtsso.life; core-sticky=http://10.233.108.84:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Tue, 16 Apr 2024 21:08:19 GMT
content-type: image/png
content-length: 344
last-modified: Tue, 16 Apr 2024 10:46:25 GMT
etag: "661e5701-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 733293
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/elbet.701d0b0cd.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: bd34c45017a4b3fe3d0813abbe16f113 2177a96200b95aa21ece71bfcbeadd200904c279 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a08dab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playbro.9ed310f23.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 221b773f0eb73aa28f7617e628f7fc2f 67e3b29f4a951351da5183dd7d6e083fbc991322 4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1517cdecb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/endorphina.20b721ba6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: a89aae2f962bcb01ecb8e3ddd113b797 706e09d5fa8312ec4cd3c7ca606ad19edca158d9 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15173d0db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/salsa.8d18d113d.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b7a42b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 748 B |
URL: GET HTTP/2 1win-cdn.com/js/91635.a2db5f817.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (766), with no line terminators
Hash: 74c5864ef446bbb00f9e7e1b39eff8f9 04696352def160b6c3536b2b11c4351f02f49780 348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128894b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win-normal.34748aac6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15130919b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cashback.12a565952.svg | 154.197.121.128 | 200 OK | 2.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/cashback.12a565952.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: dec65694aea7fe3f90d83fe595dc7ecf 563946a4b82ac2f2f0207a2695103e1daf34ad43 8a583efa9fc057f298b82a2f153fd082a240f8bf5feb8cb394e0a76d19c507c4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/cashback.12a565952.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:17 GMT
etag: W/"662a0fe9-851"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15153af5b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/rubyplay.b4553f39e.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 3858ea5c6be5319073b0453eac475c1b 72be49666df66401b531cfe9658ae2b64f897b0b fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15176d71b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif | 172.67.181.254 | 200 OK | 7.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 5a258a62a127acb8b8ad56770591d501 8452fa24937409b089d5a07b73ec4392b84c1a7e d039ac11879d3e157fe0dc5f8f4df871574a12c1d2cb1e8ed8586993f5684959
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7154
cache-control: public, max-age=31536000
content-disposition: inline; filename="c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NTExYzUwLTJjYTViIg"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: th0si--mGv2mjaolKBx3e
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2BGamenQ3rxqn9COub3zDR1H9Ft698LZ98EgJ5OKgpCcBCmZ%2B%2BDsknX%2FlTHbsIaBaScojH9QRAnvgYrJ1teDyCLxOMLmhZjDqK6Ekbsi%2F4Zf%2FrUefAVnecs7H7I%2B9KuGjnBcHhnh5PQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15189ef956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/smartsoft.d8a4b520d.svg | 154.197.121.128 | 200 OK | 299 kB |
URL: GET HTTP/2 1win-cdn.com/img/smartsoft.d8a4b520d.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Size: 299 kB (298969 bytes)
Hash: 6bec0d360a5db76d67f9da29d3d4d206 614068b8909c0fdf885888290e5c0d62cff35951 df436f88f7f3b8bca45c6f8717853ca32849bb220297851fca614a4d574e6eda
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/smartsoft.d8a4b520d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-48fd9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b8a49b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/46062.b7312b43a.css | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/css/46062.b7312b43a.css | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: ASCII text, with very long lines (24651)
Hash: ef78ee2f7694abf2e5097a99eab40ae4 a4a010cb3b6a8e51e676e639e79511644cfefb24 c2386a9c750f421152b452a552874b3644f887aeded7d3967f982dead82ed790
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/46062.b7312b43a.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Tue, 23 Apr 2024 13:01:30 GMT
etag: W/"6627b12a-604c"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 152485
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15118f98b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.4bd0dc579.js | 154.197.121.128 | 200 OK | 189 kB |
URL: GET HTTP/2 1win-cdn.com/js/index.4bd0dc579.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size: 189 kB (188906 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/index.4bd0dc579.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-2e1ea"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1538
set-cookie: __cf_bm=9a0FlzUSBxOf2CCKPOpaS7P8EvxKm6i6ogWW2c7o0fA-1714034992-1.0.1.1-epgqaahdgYFdcI0XHiOZkMBkYESp8FA4A269DdyDTf6TdwjefZJxluJ5wJHW5a9UB2s15CgCcJ_xNkzii_d77Q; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5b08b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/slotmill.c42ddd447.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 39d48e4b982998cd10417bd09dcc0afc 541c60c508d7777db2cd0e49c18cf32219532dd8 3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b8a48b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@png | IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/css/36775.1ad325918.css | 154.197.121.128 | 200 OK | 17 kB |
URL: GET HTTP/2 1win-cdn.com/css/36775.1ad325918.css | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: ASCII text, with very long lines (17189)
Hash: a162edb527bb9e6d038f1855f671f64e 87889c36f27ba672071917da093d77cf102552c1 6218cf0b4ffbe30eaf4c29aea6f45f94ecdea335fd358ba80d9badd6eedfcce3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/36775.1ad325918.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 09:34:39 GMT
etag: W/"6613ba2f-4326"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1464542
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511bfc2b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 847 B |
URL: GET HTTP/2 1win-cdn.com/js/62692.9dadb7398.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (881), with no line terminators
Hash: 2396c8bca3aec16d12512850881beeaa f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1 dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128893b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif | 172.67.181.254 | 200 OK | 7.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif | IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 011b64c005adbc5b3454b79a1adf1693 6f19e774c39048f45441c4499c0b08b749829585 7d8852ad393034eb0a80f299bd81707ab3dae09826438ceafec2831d7858546c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7332
cache-control: public, max-age=31536000
content-disposition: inline; filename="ce984aa3-1980-464a-a49f-9d1c7c928a57.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NzFjY2JjLTYwOTVlIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: uLO72IEecOKi0QDsMjxl9
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4jmRiTzOrGasm%2Fun2ypllK%2B3clovYaw82iVZSxtEpLJQxpXUAv7hJ32gCw2XNAXrSCpzKpL8Zb52LpW5qNu1IUaHKhScHU%2FoiFwHItp2xhhmnzlnInauhJuPlBO5ys2hyKdeL%2BXmb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fd656ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/9726.f171d96f4.js | 154.197.121.128 | 200 OK | 550 B |
URL: GET HTTP/2 1win-cdn.com/js/9726.f171d96f4.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate | Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 | Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (584), with no line terminators
Hash: b0269d262b577b24e386d44e3a8a2515 0ae665ce9e9245ac8b29561292e7a208395ea49c 2182a2a1459e2e595fcf4081f7f3a428470038bbd21438c840af61d014ac55b2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/9726.f171d96f4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-226"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1817453
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ddc61b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wtsso.life/common/title?path=casino&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL: GET HTTP/2 1wtsso.life/common/title?path=casino&lang=en
IP: 190.115.24.78:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Let's Encrypt; Subject: 1wtsso.life; Fingerprint: ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity: Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/title?path=casino&lang=en HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/casino/list?&open=register
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716; visit_domain=1wtsso.life; core-sticky=http://10.233.108.84:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJkMTg1MDk0Yi00ZDRmLTRiNzUtODJkMy1mNzVmNWJhNmJlZGYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0MDM0OTkyNTkzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDAzNDk5MjYzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/caleta.b1dc71f69.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: bbba19a0f7e2c3b02a8ca7d7c833eb63 5dd340d9cc4c395174865b155829f3054fb29275 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519a87eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/68578.08cd62539.js | 154.197.121.128 | 200 OK | 2.1 kB |
URL: GET HTTP/2 1win-cdn.com/js/68578.08cd62539.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2199), with no line terminators
Hash: 443c37149beb03a5e14b47aff568a1a6 9d1f8f2aefe39f7fcd8b9e4f61e364b51057878f 4f00e6bfc5f4c65e7e63f563c27a8340f008d77c7935b0f6ecefa4b6e50cabfe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/68578.08cd62539.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-833"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1817453
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15150acfb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betgames.f9572e26f.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/betgames.f9572e26f.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 22c1b0dd1e37b9c443eda963fe76d96e 7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd 058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519884db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/goldenrace.4bb50c89d.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 273a325a862af8a6f05811ac5a7c7f29 936efb3df57c80b5ee35a1ebed295fe90ec13145 0e9220c87c66f8eec886bcb17e5beb3242f287ea3099ff14d81e49c41d2c4d32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151aa97cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/turbo%20games.0a45ae56b.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: a3d3ed5aaed2f3fd7a089aa6b6e00aea d366f4c84c203fd116575a62676b89bcd97c5816 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15181e41b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif | 172.67.181.254 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 7e8efe46dde9cda3cd4a173d23aa609e e285ec6cabd58a1f137a323c2795da808c5c65e8 3256461de8e961771cf7d1d55f8a438667b73a8363f69c460026643981a2c1cb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8148
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZTM1M2QzLTJjM2QyIg"
expires: Mon, 29 Apr 2024 11:00:27 GMT
x-request-id: agK_DcwTt9HNC0n9ThMdZ
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ihk6Z7a%2F%2FN%2FFBDJvhuEMtueef2WueNpNDG9KBUmlmUsBC0M5r%2BLdNXBhXX4PXBbj4RH95pUkmoxeXGN3GCZ%2BTKKYTGgqHGpH5ORjS56o6JibbjPGcpwNCyIJYWDDKpSLKtc51Kwp%2B0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518cf3556ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/belatra.1e7508387.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 3a3db4a05ec45ff249ff2330cc6131d9 d4e82a85d11863ae6e91cf542676f8ed0dc5a130 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198848b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/66512.d3b9afb82.js | 154.197.121.128 | 200 OK | 759 B |
URL: GET HTTP/2 1win-cdn.com/js/66512.d3b9afb82.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (777), with no line terminators
Hash: cb6fca85eef64397cba0320543b40d92 8832706404854e9b78dda970c87d17a0629016bd 7bf26beea8948e6afad264491eb02a264a252fb30c6a620c178a27b2a1477a65
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/66512.d3b9afb82.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2f7"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1817454
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513394cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket
IP: 134.122.54.186:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Let's Encrypt; Subject: *.1win.direct; Fingerprint: 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27; Validity: Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wtsso.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wtsso.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aI58uhZbacN4Nq/60vJlbQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: BWY62b9pj8PCPr8sYifshSO8NNY=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=c6a048f545bf1872; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/js/18860.d3e8c1777.js | 154.197.121.128 | 200 OK | 28 kB |
URL: GET HTTP/2 1win-cdn.com/js/18860.d3e8c1777.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (27990), with no line terminators
Hash: 4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 839966
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150e5cd3b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 2.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/netgame.8e28ed366.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: f7a27f15353cbc6d80464cb321e6f7cd 8e9d03da3c5f00a3a228b545cb8759e837059323 c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515db9eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/thunderspin.2d11ae63d.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 604f41c295f537f07943cfe15d6f15f2 ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369 9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151bca88b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/37061.4706f0db4.js | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/js/37061.4706f0db4.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (24692), with no line terminators
Hash: fea412cd3a087cd0adfdfe6b1bea44ff 456a1a717440c0724e385a28530602b16d0a6d79 3afba0d7cf4300653b9f75bbbdc8f22807f566ede08dffe32a887844f6174a47
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/37061.4706f0db4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6074"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826021
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15118f92b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-casino.fd47961dc.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826019
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519681bb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/4theplayer.f89265cdd.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 5cb7cf2507e642be8dd905487dc5ab67 68ad93bac5948542dade50964d8384eb9bff3573 f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15196831b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198859b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL GET HTTP/2 1win-cdn.com/img/liw.134f23084.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ab98eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/2 1win-cdn.com/img/wazdan.1cf2cebcc.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash f19410782a9e906c5987a9ec3dec0a8e 9df4dc8c8b7defde41a5caea964099dd1c882245 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151beaa0b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 664 B |
URL GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators Hash 2e216c1b879ec285c8c32567174c9af4 e1e1af06fe2299d4a230eb5467395ef6bf3354cc 2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15133959b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/2 1win-cdn.com/img/fugaso.1a40d61ad.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash fbe83afa72fe7a858d1fcd467a7e3acb 5dc85aabeac449d7287662a7b6ffe2936e447b84 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a4923b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/flags/no.svg | 154.197.121.128 | 200 OK | 326 B |
URL GET HTTP/2 1win-cdn.com/img/flags/no.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 8b888b132836f9bf2c915bb3904c6dd3 e356289b851fdef19c9e0b2af31acbf95d77b0f8 da80fbdaeba2338f9ff3e93db2f1653c03c3dffa0cf376eed372edc98e308f0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/no.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-146"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3189
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151dcc59b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/70244.bdd6dc12c.js | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/2 1win-cdn.com/js/70244.bdd6dc12c.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/70244.bdd6dc12c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-ba12"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 55691
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511fffab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL GET HTTP/2 1win-cdn.com/js/20420.30b3c996e.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators Hash 41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826019
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198850b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/2 1win-cdn.com/img/quickspin.d9067a98a.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 2981087d9047df84f1f173886d7f2353 27ee3db1546e61fb1042fe15065f39266f85bcc8 5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1538
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b4a0ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png IP 0.0.0.0:0
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png IP 0.0.0.0:0
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
| 1win-cdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET HTTP/2 1win-cdn.com/img/betsolutions.5d0a153ca.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 066b7782f9f8acb732cd85f2df1344ac 7bb3c193cb5dd835fec3e3ce7ed032be4200afc9 95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198853b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/2 1win-cdn.com/img/pg%20soft.fdb9d6567.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 71eb5806fcdd473839d2654d03c3fd5e 76a63507f2c2a26ffc343182aaa5d3278197ab88 dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151af9c8b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/35004.b02e79125.js | 154.197.121.128 | 200 OK | 23 kB |
URL GET HTTP/2 1win-cdn.com/js/35004.b02e79125.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type JavaScript source, ASCII text, with very long lines (23340), with no line terminators Hash 440799cf0cd0e366ced388bd521b581c a3a9b113dd83cebcc40b06d91e844e1fa28a249f f861a31438a3a102068b510126db9703e696203c7aa027312910ea94c9772ddd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/35004.b02e79125.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:53:44 GMT
etag: W/"6627a148-5b2c"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511fff7b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL GET HTTP/2 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators Hash 33a83c5ac34b557d3037a52c8dead1fe 6bd3202d3720d8c86a84a63f1975b5d53d044ef9 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128897b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/gamzix.c753c377b.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/2 1win-cdn.com/img/gamzix.c753c377b.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash c9bdfac4b8a9fec4171e1e4eaada52d9 e0ecf83a680f3cb4750ca30306d444bf25e8a890 a9f4f158614d42eb732421ef41983f0cbfe1f29e95101bd315d0b3d238f1d21d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15166c3ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/css/23008.4d99d3b0f.css | 154.197.121.128 | 200 OK | 7.9 kB |
URL GET HTTP/2 1win-cdn.com/css/23008.4d99d3b0f.css IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type ASCII text, with very long lines (7893), with no line terminators Hash 15bb28e48dc53cfa017cf27ce0ce58f6 d263b0f93918f1e2d74d130c0b029517e5e16d1c efaccc84713561e47443683e81b2093d89b226007a2a448762fcf0e7cc3e72a4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/23008.4d99d3b0f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1ecc"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 69908
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511afa9b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/spribe.7ce760055.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET HTTP/2 1win-cdn.com/img/spribe.7ce760055.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 33a9e45726e8faebc5b2e6d77375cd5e cfb38d5cee2ec3a48d5bfa1a3b9c3806557dcb6f 1645b2d498bc98d5a05875f6d2d3681236d254cc2f8837965c925e511db72df1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spribe.7ce760055.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-6a8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151baa69b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/2 1win-cdn.com/img/spinmatic.f74cf69af.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 12c6733c47b71d93b36447dcb999d080 f6440015ef35215d9009b4f08340145df1f7d9e1 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b9a56b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 692c90ac31385db12fe64a48ec01b77a e9249716fcbdc6e0b75b798d0f37ed6942a045da d0b041e1a396908bda558a5d224edb3cd80787d88910beb2fdb2dc4e5186045a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15155b20b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif | 172.67.181.254 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: cd452335ce2868ead18d8e2082e43350 c673f2ea78d3dbf3bba5ec7944c1ff953222dae0 bda165800d495d883bd2880f0767090a408ad945fb193bb725546743e0dacccd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8273
cache-control: public, max-age=31536000
content-disposition: inline; filename="c2abecf2-042a-41d3-8527-5bb9e886caab.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MmQ3MDhjLTFmNjUyIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: DRek7syqKLtU-wVID_cdA
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yyA6pT6k4aBzqrISgk2xXievduJx8lSew6FGXE4%2BQGPTaZxZgAg5E%2Fi1Bds%2FHIzYMi0v3wf6QCEZJzjBCeOTpbkpRBZRpPIQGE2aYqmVbqsfqmNR61pKekGkoC0Jr66D%2FKaVTUjqCsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15191fb156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/leap.f4cfad944.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 9129fc106fce1317a16bb3acbd708de8 64dead6ad9646ce68218ae82cf9d369811d3b88d 993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151aa98bb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/42672.1d05742a3.js | 154.197.121.128 | 200 OK | 884 B |
URL: GET HTTP/2 1win-cdn.com/js/42672.1d05742a3.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (910), with no line terminators Hash: 84e9ef241ba6d064f080cf809baa8f8b aa88381b3389d9ac5129099cac848b9068c5841f 0ee1a9bf53639249a9ff2b09acb4903f1bd7d4318e25612c0c88b1389af9125f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/42672.1d05742a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-374"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1824425
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ddc5fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/truelab.ec113fba7.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: edd84be1aaadcb0b503864bea380f168 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15183e68b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 7.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/superlotto.0b2069aeb.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 128046b1d7f6f312cc287763f0c22336 4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1 8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151baa6cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/playtech.cecac3222.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 54cb545ad750e3e670cc7cfaed81c2d4 f808d9b539d13d64c4b405da4dca9b0db732b87e 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15180e2ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL: GET HTTP/2 1win-cdn.com/img/swintt.7c851d380.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 90e9054f87471fee18244fbfaa5c2434 e4f14ab709714096c57f1e9941c4f28aacdae8f0 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15182e4fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: ee7f334d83ac78ee94aa7cb499a7d252 acaf3f1ec2dd643c920f036bceed9922c4398d9a eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15197835b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/upgaming.242b9e921.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: aeb4cc1caa82c4f55b3598ea0c7003fd 8c1eec585578ba1c3803b2d6b724d67cb8e3de25 236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151bca8cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash: 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "662a01c7-9305"
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
cf-cache-status: HIT
age: 1538
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513798cb524-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 443b070227be618d0513c134be5b65f2 cea77f63f79f4a2406af9f75e29078e40c69f9e3 99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519682fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 3.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fantasma.8f4e2392c.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 2b6e488681e5af743e430cce2f0c2187 5a3102291017d617e6346a59664b1ec7eece4423 f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a390db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 | 154.197.121.128 | 200 OK | 22 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 21916, version 1.0 Hash: 6396986c711f0dfc793140885fb00d41 6199282046b142fd34d950a274769b56cc85c87c 5d30f3756e0a53b580ebd92d46e748a7f51331f4637b6eb594f2b7a79f64245b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-cyrillic.211c5c35c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/octet-stream
content-length: 21916
last-modified: Mon, 15 Apr 2024 11:50:03 GMT
etag: "661d146b-559c"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 593412
accept-ranges: bytes
set-cookie: __cf_bm=Bs.pAEP4NHjSX7fJUs2X7lP5FOaDFKnqkEginFkp87E-1714034994-1.0.1.1-i1twHWi0aLxZL81NN4LzQBDKDOZYX_jif31JzavtsyLa_FehaN1dwcYgzegCADrv8addsIRiKk3PhZlO79jeUw; path=/; expires=Thu, 25-Apr-24 09:19:54 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151c3bd5b4fa-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@png IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image Hash: 291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15199863b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/60609.5ed8b9fec.js | 154.197.121.128 | 200 OK | 623 B |
URL: GET HTTP/2 1win-cdn.com/js/60609.5ed8b9fec.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (649), with no line terminators Hash: 9188b65f1f1e4829d2d3b88925767e57 c21f94f423f48725cd29d800b45852c170e935dd 4d4c8a7df6aba520d0ee270fab5f306f29a0a564d060eb49d04d29eb18dcfd98
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/60609.5ed8b9fec.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-26f"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1824425
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ddc62b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | 200 OK | 3.9 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png IP: 143.204.42.156:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer: Amazon Subject: *.cloudfront.net Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced Hash: 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Wed, 24 Apr 2024 16:11:44 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Gf07gLfD8E7g4ReBoSbixv2B43IT13_gH9kRmsz5f8WfLMt2MCFUWg==
age: 59891
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/relax.1a68769f8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashd29d9c49a3e8be4842246e8b658651b1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b5a17b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/21win-cdn.com/img/skywind.9cd4f870b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash6133bd0ec680372c4b1478cca75bd999 852e07d884235f5b480657590f2cba1ce4d53d7f 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b7a46b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/betsoft.cc500155f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashfa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198851b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 249 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP142.250.74.168:443
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (4179) Size249 kB (248730 bytes) Hash78fa81083267a9de43d6388f7512623e 1c0a707644b796581b2c7172428119e5b625dc31 7cc25a236a4b0c00d2081b28c33a9ca9f698a8821275a5a8babb008177fbd87e
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 08:49:54 GMT
expires: Thu, 25 Apr 2024 08:49:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 Apr 2024 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86573
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL GET HTTP/21win-cdn.com/js/90511.4bc374431.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (655), with no line terminators Hasha148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1825840
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513293fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/72949.472bec630.js | 154.197.121.128 | 200 OK | 878 B |
URL GET HTTP/21win-cdn.com/js/72949.472bec630.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (896), with no line terminators Hash2a8b1ec825923193cce2fdbf0877c80e 2b45f42fcceb6299adea8c36486860ee858e8750 b11c64f65e44dafabbcfe220e5985c08d995e5e0450f96d29d1ec245acda1cc7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/72949.472bec630.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-36e"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1817453
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1514eaabb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 258 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP142.250.74.168:443
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (5945) Size258 kB (258491 bytes) Hash0876f0980bcc5dd49a764fdcb27d117a afd5ffc88d8ef5c0a408329f2adec72cd03f5caf 7a4cc4377725a1b3fae5c8eb469976c716d147c237e5a656ce3d57437eadf92a
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 08:49:54 GMT
expires: Thu, 25 Apr 2024 08:49:54 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90491
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/js/chunk-common.68e957887.js | 154.197.121.128 | 200 OK | 203 kB |
URL GET HTTP/21win-cdn.com/js/chunk-common.68e957887.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size203 kB (203043 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.68e957887.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-31923"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 73435
set-cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5b0cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL GET HTTP/21win-cdn.com/img/platipus.dd3b50ce6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash47208726d4dd191a03af9229fc538eb2 0ef7c3f6b3788794db7709213ecaee1b7558a5c2 b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151af9d0b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/21win-cdn.com/img/games%20inc.64fb099a0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash3d90ca2a78e19006ff1926510ed316d4 0becc591fcf773fa9e56396884dfd0f963a46e73 e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a7953b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1848950178.1714034995&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1105149716 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1848950178.1714034995&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1105149716 IP142.250.74.163:443
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint4E:BD:F9:72:97:67:A2:4B:EE:E4:B0:03:CD:C8:F3:30:53:27:53:1D ValidityMon, 18 Mar 2024 20:50:06 GMT - Mon, 10 Jun 2024 20:50:05 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1848950178.1714034995&gtm=45je44o0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1105149716 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 25 Apr 2024 08:49:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&_s=2&tfd=9101 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&_s=2&tfd=9101 IP216.239.32.36:443
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&_s=2&tfd=9101 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/3 204 No Content
access-control-allow-origin: https://1wtsso.life
date: Thu, 25 Apr 2024 08:50:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/21win-cdn.com/img/present-with-light.bd57fb068-151.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 151 x 161, 8-bit colormap, non-interlaced Hasha804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "662a01c7-1a4c"
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128896b524-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/evolution.acb5f3085.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hasha27852d0f8f77af9c6a274605b932984 415500832c34ac475d87411fa799dead414701b4 c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a28f7b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/igrosoft.69f8e3ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc193a82075a3318b6b01f6652548e025 008409af9a242969c8c0205fc8052d17b61410b3 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151aa980b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/jetx.64787fc5c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15130920b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/100hp%20gaming.8352a77d8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash4ed7fa45e0933ca6d981ea7fdd5e86ad 9da697d8f40394da2cc17c0c82e73cb1130023d3 619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15196826b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL GET HTTP/2 1win-cdn.com/img/boomerang.413a98511.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash d37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519986cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/2 1win-cdn.com/img/retrogames.bb592a878.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 58c68473b3dd3ae2f45e31560e366dbf 577748dead61e9aff6756db3bade90442cde170f e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b5a1fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif | 172.67.181.254 | 200 OK | 8.6 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash a07eff44863b0b15d204ae6076197e9d aff153ae78420c1ed8f8e54ee20e33eb1a87215b 15355eeb2da0fe84c05dcaf0a0367dfaeb2769fe50bec1533556a17d92606895
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8634
cache-control: public, max-age=31536000
content-disposition: inline; filename="e72d3aa7-8742-414d-bf8e-4cc530caa4bc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0YzEwYjczLTRlNmQzIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: A5yhxvFsXxKqumP7Uy6eU
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mM3cTCDX8SrOrPYF%2BGUlDM03i9wYGDOSQ7wPVBq5yqGaivOsvODSjvOW71vtPJ1nLSLTIdfEqj7HyWRL0ZiBbgosT%2FPjWf4fWg1PVjT7qw%2BcnkpuZWxFfXjwYEGh6Cap5DkEO%2F2Es1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15193fe156ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL GET HTTP/2 1win-cdn.com/img/apparat.f7a706d8e.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash c263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15183e59b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/2 1win-cdn.com/img/gamebeat.5649e97f9.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash f47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3841
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a7948b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET HTTP/2 1win-cdn.com/img/kalamba.6e06f7faa.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151aa98ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/2 1win-cdn.com/img/oryx.ddc50c514.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash be6fe09456c38389975b47be1d6e664c aa63088e5bb8604d301bf747e760f3fbb47cca9d f8822aadbf4cdec8d633d4b6e8e4928dde87a143cf57d6d9f018ffe50809f1b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ae9c3b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png IP 0.0.0.0:0
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET HTTP/2 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b8a50b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-vendors.ef8cd9e39.js | 154.197.121.128 | 200 OK | 245 kB |
URL GET HTTP/2 1win-cdn.com/js/chunk-vendors.ef8cd9e39.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type JavaScript source, ASCII text, with very long lines (36138) Size 245 kB (245106 bytes) Hash bc2a26b61a58ca3c03a19def2c29c60b 104082f390d8f86950cdf90075073d1d4748f265 12563d1de05804c6bc437ce39ed56a532f374a49c67e3be6f0f75b2875ce083e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.ef8cd9e39.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:53:44 GMT
etag: W/"6627a148-3bd72"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 160557
set-cookie: __cf_bm=MV2SC8bSY2Rrv1X_YjFKq3loz9eYBv7eqLaOyEUpZzY-1714034992-1.0.1.1-9mrf2_CwIRRYVusACYomXQ77AzNjt51vRMehj_CJDLL5iShe2mFtBXoQksXoyCe1KBg42J2K.cKg3RtxllT7lw; path=/; expires=Thu, 25-Apr-24 09:19:52 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150c5b07b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png | 172.67.181.254 | 200 OK | 230 kB |
URL GET HTTP/2 static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type PNG image data, 1508 x 488, 8-bit colormap, non-interlaced Size 230 kB (230270 bytes) Hash c45a5f023592d6b869a1a41216399dc9 280d32d02ad142bfaa08ae0bdf4e7812d2336b9e eb3288d5ba136f10c1e3ecd675b8201eed039099f751b3df152781cdffd78aeb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:50:12 GMT
content-type: image/png
content-length: 230270
last-modified: Tue, 13 Feb 2024 22:31:26 GMT
etag: "65cbedbe-3837e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4723
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4w%2BPlSh8nBaxEAzm1rB7F2RcjIMVoxWAlo5ZyNbABlF5Bt2YtQ3mQeZqIswVZT69UKD4fovn1xWxnd7a2H36Dw5sfjAfY5YI2QT52d3TBdOuO4LOZQpFk7t6XYeheMy%2FtjJb6PastieXog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1589689c56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/92620.12a1088ad.js | 154.197.121.128 | 200 OK | 423 kB |
URL GET HTTP/2 1win-cdn.com/js/92620.12a1088ad.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size 423 kB (422700 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/92620.12a1088ad.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 08:10:17 GMT
etag: W/"662a0fe9-6732c"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1538
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d150e6ce6b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif | 172.67.181.254 | 200 OK | 8.6 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash 32c03f3facce0f09ebf0a22352150345 659b52666db936b57c2f58dca5f9e4e2ab6b2cd0 48551a1c87eb70ef82d984b8bb547c33c1756c1afefc60e46ac6e0018141ee5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8553
cache-control: public, max-age=31536000
content-disposition: inline; filename="669e5916-bed1-42b2-87c5-47099f065894.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1OWU5OTg3LTI1YzZiIg"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: hfyC_8YE9TgNSof_Lj91S
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kVu%2BduzaKbYeEjqorvg9awfqjgl79ktJ9LL3NQM90Sc2k1jx1Hs%2FepzeCE%2BW0xy635xeQQHuajNJdKHgAMCFmO0BMjfyYbZ4qiWMS%2Ffx8ar9BL0GanAqU0Uwb480ES1FwSdK3%2FPbUm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15191fb356ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/2 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash ee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a08e0b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL GET HTTP/2 1win-cdn.com/img/playson.2ff1c7d85.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type SVG Scalable Vector Graphics image Hash 241ae7d1512148f38162202a1838bcf7 7937917d26b57052c052b0cce94f5d1697c8caa7 a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151af9d7b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wtsso.life/affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3Dwdu161j31kq648r03084k716 | 190.115.24.78 | 200 OK | 37 B |
URL GET HTTP/2 1wtsso.life/affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3Dwdu161j31kq648r03084k716 IP 190.115.24.78:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Let's Encrypt Subject 1wtsso.life Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0 Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
File type troff or preprocessor input, ASCII text, with no line terminators Hash 2f6af1a09e6d352c1603fe2326189744 baed183cee7c7fd534e8519a683c9f398e696329 7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?visit_domain=1wtsso.life&sub_ids=sub1%3Dwdu161j31kq648r03084k716 HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wtsso.life/casino/list?&open=register
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; sub_ids=sub1=wdu161j31kq648r03084k716; visit_domain=1wtsso.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.108.84:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@avif | 172.67.181.254 | 200 OK | 11 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@avif IP 172.67.181.254:443
Requested by https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash 61924246d56484ffad55aeb87e1dcd6e 33080e53b253c9aee0e555cc90d27d672cbb0af5 7b9676f33b0a9881c10f741c3996bf110f74b73f63257bebf598320c3620507d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 10825
cache-control: public, max-age=31536000
content-disposition: inline; filename="f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZDc2NjM0LTMwOWYzIg"
expires: Mon, 29 Apr 2024 11:00:28 GMT
x-request-id: fzZRbRmjp8SPlU0gWi_8D
cf-cache-status: HIT
age: 251366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2FhM%2BAAdc94HWkGfmqx3sqppkNIv8CMEgcbNNgpgeT%2FdyezsJxGS632MTDa%2B6WJuMN82T1U6Qo42Eb2LjRoBHIOJUJwPG5vmC0igYxpfATZPKPA%2BdUJYGB6siGQoG2M7gv%2FhjZPNM68%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15191f9756ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: e709608dd45ff01d7f75d21bc3534e1e d45bc1ea2a957ab8113ecf7da9564be00207c6d4 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519c8aab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90206.b11811fa2.js | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/js/90206.b11811fa2.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/90206.b11811fa2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 14:14:56 GMT
etag: W/"66212ae0-2d08"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 584723
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15118f93b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 3c62bcde419e822cfa55d45a05fa112d 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513091db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/js/46062.b39aa8847.js | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/js/46062.b39aa8847.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: JavaScript source, ASCII text, with very long lines (10738), with no line terminators
Hash: 1dc262995a12f4883898b635f8ed170b b8ae8f042d81042916a2f94cce079ec31e9564c9 d3c85dea04706f2c4aeef806e96cd683d536c8105e4981b9fd00b2c90a09ef89
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/46062.b39aa8847.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-29f2"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 72200
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15119fa3b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519682bb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: b322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b4a0db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/js/38209.ce0dbb534.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators
Hash: 8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15128895b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/img/red%20tiger.157f419e2.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: f0a8d4ae6c95b6d6b2b0bbbaa62aad9d 9ea188283d324f5c87a802c14ec3386167e7e2a8 4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b4a0cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@png | 172.67.181.254 | 200 OK | 65 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@png
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: PNG image data, 420 x 306, 8-bit colormap, non-interlaced
Hash: c0a5e709e0c20dd65994c0e77445f9d5 4024bd250ef4580ab9c10d21735341e9e18354b1 185f8297aa4d6f32ee73e7e82bfb6617dbfbcdbde4a5a5be84170cd0a8e7ea06
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 64610
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MDA5OTI1LTMwMWYwIg"
expires: Thu, 25 Apr 2024 10:21:21 GMT
x-request-id: cFunccdlEirfzM8eLABC4
cf-cache-status: HIT
age: 599312
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2FFfvxq1zK4RStfHEFWd2P4CdWONVke228Kbz1qn6eoZKgs5haa9h6JJBRvJ4CNvcJD%2B6vC2xmQ3er7sKsJnw%2FV2vdO4pxHN3zvgKUmbn8DTxEHXtWzoWkiHRxQpLrMTuwUvIhhVK8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515cb8d56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/bf%20games.7559aed26.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: b94bb2811096b861bfbf8fbcd4de9149 17418a385bb399e79588ba1f6d3ee661c40197c5 c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1517cdebb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e1db1c-4e12-4cff-b46f-97008a7f3999.jpg@avif | 172.67.181.254 | 200 OK | 7.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e1db1c-4e12-4cff-b46f-97008a7f3999.jpg@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: ebe4def5d33d170e5f1277a37b692a48 d5063351041a4a90fde233c4e5a0987c6a62ec67 7acce8340633b7a79a7076ee240a9b80a114b1c573570d375a8e593528410b7a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e1db1c-4e12-4cff-b46f-97008a7f3999.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7248
cache-control: public, max-age=31536000
content-disposition: inline; filename="d0e1db1c-4e12-4cff-b46f-97008a7f3999.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDliYjgyLTFlMGVhIg"
expires: Tue, 23 Apr 2024 07:56:18 GMT
x-request-id: u4v3uIwUmZvM6YV3azyiz
cf-cache-status: HIT
age: 161084
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=saMspyZWPCEEcARfMoUpuM47QIxd3iQOE8RgGM6DcEt3PxTpE%2B%2FUABKHkplJNYn7WJbYBoUi9m57Bbgc90Hm3ywWu%2FdPnJLt3odO9vB91mUCxTHlD0XDp1t8h0kxStB7taIHWR8vEo4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519681956ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 992 B |
URL: GET HTTP/2 1win-cdn.com/js/33700.8f8589382.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators
Hash: 7a56ca20c70147de869fb6f869c24757 8ba632a6c326ca6152d0c51a202527013eeb42f4 543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1512c8e5b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/tvbet.fea6d0222.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: daf98e0c0d45cb1db158d09bd07e4959 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151bca8ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/edict.ca67383de.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 7794e14088c92dc44e186b65dfd0782b f81ec0b93e38339b2e2f8f94d2f7c568b8943fff c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519e8bfb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/js/46665.703cfe1de.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators
Hash: 530c1fc3208b67ba84edf563465386ad d2ae074df39f95da703f5a582a2dadec59962e2c 82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826018
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15166c39b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: ced188fd368f5c8439ebd4398c9c9315 3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea 82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1109
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513091fb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL: GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators
Hash: 53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15131937b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: fecafa12f578f5ced554ed31aba5c852 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1105
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1515bb5eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cool%20games.019d15340.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: c3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519b897b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 828 B |
URL: GET HTTP/2 1win-cdn.com/js/91217.fc8dbcaea.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (846), with no line terminators
Hash: 873b0a1f00b7e367ac6843a8b9e80deb b9333e21da514f326abf81822702b8897c39fb48 647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1512888cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/1spin4win.bb21057a4.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: c7e582dcd4acb7d74e4065abbe28183e d04183d1e1dc6665f54a667c7977b6c6a3672791 671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15176d74b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 672 B |
URL: GET HTTP/2 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: dd800d25fd1fc6956949e43d9997d38d d2e3ced7d4ad91488dc8dde871b6651a01153f4a 8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519783cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 923ec09a017c369d475682b8b60fe652 f2a4cf5f06644b65bb3df522652a41a2b09c2aa9 7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6028
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15151ad7b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/flags/en.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3840
expires: Thu, 25 Apr 2024 12:49:53 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1512c8e8b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4092 | 216.239.32.36 | 204 No Content | 0 B |
URL: POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4092
IP: 216.239.32.36:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je44o0v894728184z8894400803za200&_p=1714034992866&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1848950178.1714034995&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1714034995&sct=1&seg=0&dl=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wtsso.life%2Fcasino%2Flist%3F%26open%3Dregister&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4092 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wtsso.life
date: Thu, 25 Apr 2024 08:49:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register | 190.115.24.78 | 200 OK | 430 kB |
URL: User Request GET HTTP/2 1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt; Subject 1wtsso.life; Fingerprint ED:11:A9:B8:48:3F:E0:84:9D:82:E4:25:9F:C9:0D:03:D8:E4:CC:C0; Validity Fri, 19 Apr 2024 07:02:26 GMT - Thu, 18 Jul 2024 07:02:25 GMT
Size: 430 kB (429576 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino/list?sub1=wdu161j31kq648r03084k716&open=register HTTP/1.1
Host: 1wtsso.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 25 Apr 2024 08:49:51 GMT
content-type: text/html; charset=utf-8
x-request-id: wVXSQxhYc0y0N8dY
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wtsso.life
set-cookie: __ddg1_=cWD3UqJL96uidBXJXWUT; Domain=.1wtsso.life; HttpOnly; Path=/; Expires=Fri, 25-Apr-2025 08:49:51 GMT
set-cookie: sub_ids=sub1=wdu161j31kq648r03084k716; path=/; expires=Sun, 26 May 2024 08:49:51 GMT
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/ezugi.a9c66babd.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a2905b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2gaming.00302c7de.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519682cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL: GET HTTP/2 1win-cdn.com/js/1279.7681fe15f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (929), with no line terminators
Hash: 3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826020
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1513495db524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wdrwn.life/casino/list?open=register&sub1=wdu161j31kq648r03084k716 | 190.115.24.78 | 301 Moved Permanently | 430 kB |
URL: User Request GET HTTP/2 1wdrwn.life/casino/list?open=register&sub1=wdu161j31kq648r03084k716
IP: 190.115.24.78:443
Certificate: Issuer Let's Encrypt; Subject 1wdrwn.life; Fingerprint 88:A7:96:37:94:4E:90:6A:CE:B6:8B:BF:4D:33:B0:E2:44:E5:57:45; Validity Wed, 10 Apr 2024 20:15:27 GMT - Tue, 09 Jul 2024 20:15:26 GMT
Size: 430 kB (429576 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino/list?open=register&sub1=wdu161j31kq648r03084k716 HTTP/1.1
Host: 1wdrwn.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: ddos-guard
set-cookie: __ddg1_=kqfcTh2wDPF7MpMw41ex; Domain=.1wdrwn.life; HttpOnly; Path=/; Expires=Fri, 25-Apr-2025 08:49:51 GMT
date: Thu, 25 Apr 2024 08:49:51 GMT
content-type: text/html
location: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/boldplay.70a46bd71.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64; Validity Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: b9145dace81bbcbef7d60609e72c9c63 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15199860b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sa%20gaming.396c34ca4.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/sa%20gaming.396c34ca4.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: eec27b0a30619e016eae50d11f9a53b9 ff3da2add15102d508e5f361ba5fef6c01bafcc4 d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b7a3eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js | 142.250.74.164 | 200 OK | 850 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js
IP: 142.250.74.164:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: www.google.com
Certificate Fingerprint: CD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
Certificate Validity: Mon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT
File type: JavaScript source, ASCII text, with very long lines (850), with no line terminators
Hash: ee87fd4035a91d937ff13613982b4170 e897502e3a58c6be2b64da98474f0d405787f5f7 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 25 Apr 2024 08:49:54 GMT
date: Thu, 25 Apr 2024 08:49:54 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/24644.ff7d12e57.js | 154.197.121.128 | 200 OK | 581 B |
URL: GET HTTP/2 1win-cdn.com/js/24644.ff7d12e57.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (607), with no line terminators
Hash: feddc8a4c035a2c630a2ea463c915a47 1e8a0b66df3553d16f631fd69021d7f401829d1d ad191c0ab92670b11a9de0f2eabf242cb7172027e9e7535b163efb40bc560318
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/24644.ff7d12e57.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-245"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1824425
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151dcc54b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif | 172.67.181.254 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: 0e5690478eedfa1df868b3925ae7765f 2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7 efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
expires: Thu, 11 Apr 2024 08:34:37 GMT
x-request-id: 68cv6bszgtuANOtVcNYdw
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAI6MHQKmLgQRoeIDYzAOoNrC6sHbBLcmVUq0MyQJ5X1XWdlkIfguB6d4GoBg2NYzjFIyPIHgSwoowfgx29As6HBx6tR7FW00%2BvycrpHvSLPCDJLctGxeAn4PB%2BGbJCwVd%2Fnt8smzNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ef6656ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/atmosfera.32402e33f.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198844b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/evoplay.cfa676ca9.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 7b4d8b1998ceae4f1e4defe0e5b322a9 b60d4fa2033a28349d7920647907368835ab514d ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151a28feb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/onlyplay.1c7a3c455.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: c3e69f9fed9cc0cf56f269a871ebf7b8 24c64655556df116228009b2d0e64950404e45a2 c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151ae9bcb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL: GET HTTP/2 1win-cdn.com/img/silverback.297288e25.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b7a45b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.35 | 200 OK | 518 kB |
URL: GET HTTP/2 www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP: 142.250.74.35:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.gstatic.com
Certificate Fingerprint: F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
Certificate Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: JavaScript source, ASCII text, with very long lines (631)
Size: 518 kB (517649 bytes)
Hash: e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wtsso.life
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 20:51:00 GMT
expires: Thu, 24 Apr 2025 20:51:00 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 43135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win%20games.9b8574150.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 08:10:16 GMT
etag: W/"662a0fe8-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519682ab524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@avif | 172.67.181.254 | 200 OK | 7.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: b4d78e17ea57669c293099c4ca1681ed eabde16663f6c7cbf3ad0785405c3807bff5ab2b 5349ade40ee59d8b8c6bd560ab2f6eb4cd287e36e273629be9f8b726f4039fe5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a773aeab-9c68-488c-98bf-d6cda9e2a316.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 7872
cache-control: public, max-age=31536000
content-disposition: inline; filename="a773aeab-9c68-488c-98bf-d6cda9e2a316.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MGQ4MWM3LTU1ZGM5Ig"
expires: Fri, 26 Apr 2024 02:04:34 GMT
x-request-id: ICxmbH5dvAiXAhpl2dFIy
cf-cache-status: HIT
age: 542720
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BXhxBV0IXxVjhxzP2nEStTeLa4RgPAe8A4PdadJaBgkLfIWLhDN9NX4XUiDMgsXdZulM2cFzZAyWTiOIpY8JU%2BbIeaZ3X1OQD%2Bp%2FAAHgm9LX4WJWTuupp%2BfgPEVaDWTIx0dKqfSzC0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15190f8e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 786 B |
URL: GET HTTP/2 1win-cdn.com/js/78449.1776bac9f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (804), with no line terminators
Hash: 3997e692861614602ae0ad581192673b 274ba9d8795299558fc25f0bdceb6997a27b8a4d 70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sun, 23 Apr 2034 08:49:54 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1826019
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15197838b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/36775.f174d94d5.js | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/js/36775.f174d94d5.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (7992), with no line terminators
Hash: 3fc2add4778f17303b7475f7ad3db5f1 3bf9839bd0f907bd2a36a46a91800bbdb3b33a65 c999c9060eb1b531dc59b6cf64112acc0bcf286437c6bdc127a0a541956cc36d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/36775.f174d94d5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1e4e"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 72200
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511cfd6b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png | 172.67.181.254 | 200 OK | 0 B |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: image/png
content-length: 256677
cache-control: public, max-age=31536000
content-disposition: inline; filename="d0e532f1-4415-468d-aa3c-dbc88f46f22f.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDQxNGFiLTFmODcyIg"
expires: Tue, 23 Apr 2024 09:47:48 GMT
x-request-id: N5uMJGPO8hhp8IDw0DzAz
cf-cache-status: HIT
age: 156356
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Nk1Qy6zi2MKysuS%2BTLtzGt2TA9Vm1h8a6x6g%2FiG%2BV9%2BAxAw4f6j0Pjnj7ygrwP5U5ypMFJH2LQt3H6p1s9K%2B9hdoXPx%2BDYCyYGzpQ2tI3VxZXuOVDHipamUAvOl7tGIwBfI5TnO2gk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1516fcf756ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: c92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 07:09:59 GMT
etag: W/"662a01c7-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1106
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d15198845b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/bet2tech.41863da88.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate Validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 37036b9327cf2f08f10c828a969255cc 110c9e121e3f79982f785db63213d01a94faf4b0 13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519884cb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/cyberslots.988fdd12e.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: aeeace00abaabb5ae6a47e900873f09b d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1519d8b0b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL: GET HTTP/2 1win-cdn.com/img/worldmatch.9f3d40aa7.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: c3aab966ecda4dadceb7b556b4205478 e8e501768b244593d7e5a59b6a7cf77e3b0d4581 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151beaa2b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/23008.feb67f1a1.js | 154.197.121.128 | 200 OK | 6.2 kB |
URL: GET HTTP/2 1win-cdn.com/js/23008.feb67f1a1.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (6332), with no line terminators
Hash: 8e528f0e53a8e22e71a58d90ce158354 33d59d207f8a85df040005cd7f6bad526f5dcdce 466120c304cc1a252c3dfa73eba1e2c3aa722abd83562c89990ed4626ac8d17f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/23008.feb67f1a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:52 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1848"
expires: Sun, 23 Apr 2034 08:49:52 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 69908
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1511bfb8b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png | 0.0.0.0 | | 0 B |
URL: GET static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png
IP: 0.0.0.0:0
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/js/55799.274042d04.js | 154.197.121.128 | 200 OK | 963 B |
URL: GET HTTP/2 1win-cdn.com/js/55799.274042d04.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (997), with no line terminators
Hash: 59ff26620b4cc4390d3a1b9cef65fb9b 15b8840eca02d8e7c9c14f0724f3b85dc293c393 d705c5eabbb0529901637c67ca2726629160462ac3478eca3079c97d12dab565
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/55799.274042d04.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3c3"
expires: Sun, 23 Apr 2034 08:49:53 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1817453
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1514eaa5b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif | 172.67.181.254 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif
IP: 172.67.181.254:443
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash: b3f2c9d8fad9590c4306452f6a3d5351 e52f72ddf95325d98298bdf2652ae183e66c90b3 ccbcb4a8db94c566311666e7f9da33eb11d985688211cb2380375e99ef11f991
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/avif
content-length: 6731
cache-control: public, max-age=31536000
content-disposition: inline; filename="2540c6b5-b697-4ddc-9ed5-aa5dbac69801.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YTkxZDM0LTcyODdmIg"
expires: Thu, 18 Apr 2024 08:28:21 GMT
x-request-id: Dbe9odYiDhXBlNKtQ2eXo
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VU%2FP2r6n4msIu1nX7SNA%2FVCxifz7gszWTGLnYIZKTiCDSDFBNVX0hS0YFj8PYOx2tC%2Fim5fxF%2BCiFsmvYZ7Yz30KfhpZtLC%2FyhPe%2FUdUWXdw1OOslEXXE5fyCMyriEYVRMvj6thc6PA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d1518ff7856ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/habanero.92654c79c.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: 9d25ca67fcccda561c314873654994a8 0e5592059d8c6114a25d0affd4af7e50e44d36af e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:14 GMT
etag: W/"662931b6-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151aa97eb524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spearhead.27c37f3dd.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wtsso.life/casino/list?sub1=wdu161j31kq648r03084k716&open=register
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64
Certificate validity: Tue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File type: SVG Scalable Vector Graphics image
Hash: b7d0037b4b499acbf11a3a7d22d9f7e8 b4a122e841ea28158af2f35adaf0b802713ffda3 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wtsso.life/
Cookie: __cf_bm=uzwbJPcOE_d3.TuG2IVenAx4TikfcF3mCC2RlrjK9mY-1714034992-1.0.1.1-DSPv1D1aeSD3e3WkYZ.8lX5q5FxDwQjVtcxE2C1.ZtQPpXg7FxBkvI0O_H0I7h5gFjjGsu7.2K57eSOBXPaIjQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 08:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Apr 2024 16:22:15 GMT
etag: W/"662931b7-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6029
expires: Thu, 25 Apr 2024 12:49:54 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d151b8a53b524-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|