| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 33064, version 1.0 Hashde175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrwn.com/
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-8128"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=GY8ZRY.NEOFGHoUyVj2VHX0WV0gU.iuyR_9DXzRweD0-1713434721-1.0.1.1-RCeKHeLbMJSzeTUx0hr3ikI16y0LPHwnNUN7iL_SLBmfCikkpZLPwxJ.JlLjrraNRZ3L75a9KA0gCwL0MtBcmA; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6022a4d56c7-OSL
X-Firefox-Spdy: h2
|
|
| | 190.115.24.78 | 200 OK | 178 kB |
URL User Request GET HTTP/2IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typegzip compressed data, from Unix Size178 kB (177542 bytes) Hash6300470c6253bf9872c7760788e9fb8f 8af7dba4e0e31c029ee3a2d2771511cdd9613fe9 d3e4bd8bed901620cd80aa4a8f0cc4ffb65a6b674c86e5aca0050655b63d0ba3
GET / HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; Domain=.1wrwn.com; HttpOnly; Path=/; Expires=Fri, 18-Apr-2025 10:05:21 GMT
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: text/html; charset=utf-8
x-request-id: EN6U2dj0nH7zVFLU
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wrwn.com
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/11420.38ac09d66.js | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/js/11420.38ac09d66.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash2a3cac21e7e2f23a7c4ac0c5bf461b4e c98b0f08699b430bf3e0a96714d031a66cd9fa9e a2c27b86270248fe9cb7e24b2735f1627f4f8fe1fdf9343009f3a1ce384f2de3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/11420.38ac09d66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-1eec2"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239696
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d605a8841bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/63502.4eb6af9c6.css | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/css/63502.4eb6af9c6.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashea4b7eb93e0a84247b52e771dd7c53ce 24a0be38c4af74bc3755677b44407476ddde6ca4 2fe2c1bdc63c82a172fb5ac01ae09b77a16d68774f35c6bbb8a75b7a67577352
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/63502.4eb6af9c6.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-7908"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 3222
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d605a8861bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.89f624ddd.js | 154.197.121.128 | 200 OK | 41 kB |
URL GET HTTP/21win-cdn.com/js/desktop.89f624ddd.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashc554a847e9a9832e47933f23db5bd31d 10a37f69eede1bfbfc2c3c4fddfdfab6d72466a9 90bdd467197d2d11728241d917536f6a9c3f59fad31456a0c1b9b1ac995a32a5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.89f624ddd.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-2176e"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2384
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60508101bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/desktop.ec875fd7a.css | 154.197.121.128 | 200 OK | 24 kB |
URL GET HTTP/21win-cdn.com/css/desktop.ec875fd7a.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash3938b454afe38005ed7b585105a82eb6 37b80d9b5e34e4e5976723ee8c50302e0e85a1d4 6d7852e9dfc19dd55cf61b3d7593e51723d0e63ddb2c87c833aaf59893df34dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.ec875fd7a.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-124af"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225756
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60518151bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.b3245b50a.js | 154.197.121.128 | 200 OK | 71 kB |
URL GET HTTP/21win-cdn.com/js/index.b3245b50a.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65502), with no line terminators Hash0abe1cdaabd9dceb4118f3f220080189 733162dc8ebb7af03dc2ee2ccbc6a313dae70e46 7add27ae60fa991568555e2fb335934e94b7009ce6c597c46f091dbe4d88d0dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/index.b3245b50a.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-2d400"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 3222
set-cookie: __cf_bm=PNlCZhkK6SlHYdkrjuYxatE_dLq4CqXgVlU4c5ADNyE-1713434721-1.0.1.1-.pM9ubb3jAvJHWUvghpGkoMfWEjaTScHlexOhIr7VidSSuSpr9ZxaWXaVPno0dioW_KxRIdkan1PVa1gMYJdWQ; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6023d6e1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.40 | 200 OK | 105 kB |
URL GET HTTP/2www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP142.250.74.40:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File typeJavaScript source, ASCII text, with very long lines (50345) Size105 kB (104782 bytes) Hashcfd11d50958209b1a4fd6a342a7fa097 9232abcad142334eada98b4356824f83c86f7047 3132081822d78b8d4d56b5f3aae3a25b4e7f7ca24e5ffd8fadb3086e84642938
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:05:22 GMT
expires: Thu, 18 Apr 2024 10:05:22 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104782
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/21win-cdn.com/img/present-with-light.bd57fb068-151.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 151 x 161, 8-bit colormap, non-interlaced Hasha804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-1a4c"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 5141
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2d0a1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 65 kB |
URL GET HTTP/21win-cdn.com/js/86359.48c462178.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash78ee85e00c27252d01bd3e27e1f6c105 57bc13c9d080821337ec5b9ca293d965e4b5b10c dccef302b097e08e284610f77b413dbbc6d48f1e15d13c2c6e060d182709a66e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2d0b1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 52 kB |
URL GET HTTP/21win-cdn.com/js/28852.501b5fba6.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashb6dc66c319ab1065416735c079628d0f 162bb54995b6afe8f8721d06cfd631261e1ae3c2 05ebb0a372a928b29d5b8b197287f63fcf1f685828f0a332a9aa6ead295e2d08
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b3d171bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL GET HTTP/21win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 600 x 295, 8-bit colormap, non-interlaced Hashb924bd42443557a1ef9d41f043ddf175 a9db601e2941557cba7e3e688390aa43e8411e2e 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e289-5414"
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c0dc91bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/10400.3cf244941.js | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET HTTP/21win-cdn.com/js/10400.3cf244941.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashd986e12c9df62a6e16e8e22035fe73e7 56f426c7969b5789fa1b78665eca3d688d884323 5af5cd5c17f2d2fbf9b4f3792ed71b2dd99aa32c47ffcb212d0037ea60210f64
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/10400.3cf244941.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-27f3"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a6c651bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/96971.36e8462a3.js | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/21win-cdn.com/js/96971.36e8462a3.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hasha49891246b6e80c75e225c31ab030869 1e22a8d06cff1b5926c1017afab56bbc6dd12207 99e1d581b9dc2d65ce84c1fd7f51e1e314f0f9a9e340310bd1a8d97058c1e4c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/96971.36e8462a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-5f51"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a7c7a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90206.e6b56ddaa.js | 154.197.121.128 | 200 OK | 42 kB |
URL GET HTTP/21win-cdn.com/js/90206.e6b56ddaa.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hasha5d28a3ac73924c38642af35ce35b5a2 ed241d57432502375c308fd4ef9fa5beb839e011 bfdfa33ab29d787c2c3800a593beaf6474bb0172c556044bfdd88c5719224180
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90206.e6b56ddaa.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-2d08"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a5c501bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
URL GET HTTP/21win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Size354 kB (353842 bytes) Hash8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 353842
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: "661fde64-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d1ee91bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 16 kB |
URL GET HTTP/21win-cdn.com/js/91635.a2db5f817.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash59920c372185c9d38ec339800c0537fb 248a78b2738e378d4492337698e51b4f6bcc91e2 211b24eaf4eb068594d04770a592163a3cd2a7982b5e7eb8ce8d66afb08179a8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2d001bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58183.7ca670498.js | 154.197.121.128 | 200 OK | 35 kB |
URL GET HTTP/21win-cdn.com/js/58183.7ca670498.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash6ff801141b170c8600264ddc9cf5928f 58426c86033c6a25c1ff30bcc463044c950a7a6b 8485545b4c281543a1de58bafaaaeed9fed940bb01536aac55b992c2d53d772a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/58183.7ca670498.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-15645"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225751
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a4c491bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/56476.aa39174a9.js | 154.197.121.128 | 200 OK | 467 kB |
URL GET HTTP/21win-cdn.com/js/56476.aa39174a9.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Size467 kB (467130 bytes) Hash6a8e21638782c01324cf9d47ac353640 0337564c494e6b0fe1c326aaca3c4124b17f9c95 394a369c304c7e25c7b016a10aac7a0249c0363e9059bbe4033b6722e825052c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/56476.aa39174a9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-24db"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a4c451bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 362 kB |
URL GET HTTP/21win-cdn.com/js/62692.9dadb7398.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Size362 kB (361950 bytes) Hash9a5b4f0b1861e91ff52adba378b01dd4 28fb8210771c4a25aac512fd0c62511e97ba7e25 29007facc8a8a8503157264ee5012434db88b77a29ffb393a1fac055e86c5695
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2cff1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | 200 OK | 19 kB |
URL GET HTTP/21win-cdn.com/js/58258.98332d90c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash6229d5a7616968c98de199aca37cbd94 b741cf157378f501558b7ad7fdbcc579f8ddb577 fa456138093b42375a42ba0bcd3f066cf276be3a8e7badd586f83f191ccfc31c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c6e1d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL GET HTTP/21win-cdn.com/img/sprite-roulette@2.255074856-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Size720 kB (719644 bytes) Hash344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 719644
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: "661fde64-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2ef81bfe-OSL
X-Firefox-Spdy: h2
|
|
| eu.posthog.com/static/array.js | 143.204.55.52 | 200 OK | 44 kB |
URL GET HTTP/2eu.posthog.com/static/array.js IP143.204.55.52:443
CertificateIssuerAmazon Subjecteu.posthog.com FingerprintCD:80:CA:06:24:DE:05:6B:0F:F1:7A:73:7B:98:D6:12:09:83:32:4F ValidityWed, 09 Aug 2023 00:00:00 GMT - Sat, 07 Sep 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hasha5e451dbde5d303539c741728ff1a27e 97518c1a5b6a71b00a973e91a2cb32925d6b6d92 688219c18055687df9ad76c907c7f6245355726722081fe0dadae906bff34009
GET /static/array.js HTTP/1.1
Host: eu.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 17 Apr 2024 22:41:55 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: wGpl9699qdxeuOg53sUZILZKBB96yMpN
server: AmazonS3
content-encoding: br
date: Thu, 18 Apr 2024 10:05:00 GMT
etag: W/"a5e451dbde5d303539c741728ff1a27e"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rPnlMbyjhx8bSX125LZho0OYr9qM3P8NPCiqUOJl8pCDvpQHB9U0Hw==
age: 23
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL GET HTTP/21win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Hash45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 12264
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: "661fde64-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60ddf821bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/img/pwa_android_en.b229a444a-690.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e288-9305"
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60ddf841bfe-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif | 188.114.96.1 | 200 OK | 5.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash2644fa31ed595bed0cb922c0c7539272 de9318bf140b0f2ea79f367170734ff434917747 8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MWNmNWE0LWMyMGQi"
expires: Mon, 22 Apr 2024 10:47:34 GMT
x-request-id: idTv66N593vyFzuVNO_I5
cf-cache-status: HIT
age: 256669
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q9KQ9i%2FJqzDClZ5mnO4NTm1%2F3vWyB0I9x8vRKu0pFJbKD%2BUvLJIBzKzPWAmInvIpQqP%2Fms9PlvX%2B%2FVgon1Tc8rxY9dO%2FcpM7IDtukbNWjQ%2Bp7DwJqUS6NmE%2B5ZA%2BaBfwukDCTv5Smv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60ede7056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | 200 OK | 35 kB |
URL GET HTTP/21win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "6620e288-989a"
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60eb88c1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/betraja.5cf6f15c0-75.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 75 x 75, 8-bit colormap, non-interlaced Hash2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde62-496"
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd98e1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/casino-mentor.f6b6387ac-172.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 172 x 50, 8-bit colormap, non-interlaced Hash3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde63-7b8"
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61029cd1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET HTTP/21win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 500 x 500, 8-bit colormap, non-interlaced Hash953b3b7e0c94ed3c3af678f19b076c5a 993c897eadbd5f11f4fa712cda067ea633c8e68f d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-2421"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61039d81bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL GET HTTP/21win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 50 x 50, 8-bit colormap, non-interlaced Hashd75b75efec83a2230764a8fed9d1dd3e ee4318789396290da2017d433fe622b9a005aff2 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde62-40b"
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61039d71bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL GET HTTP/21win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 39614
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61049e41bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 95 kB |
URL GET HTTP/21win-cdn.com/img/atp.e87cf2801.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashbdd81c7ad8648420e8c00de37c7fef9f e896d2a52f5fb6cefd453f50adb20bd5f1ab2d31 79c11d46e4cdb64c56354ca7b29ad8b2d93732090882ad4675180fd365046ad5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd98a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.40 | 200 OK | 86 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP142.250.74.40:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File typeJavaScript source, ASCII text, with very long lines (4179) Hashc4c98fcfc7b629a5fc0ae642de98453a 3591cd5108cf07e054d34ab211a98d97202f8b71 c47fcb2a3f89454fbc211733c1747992538ef0f65510a0fc57caa2483079cf61
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:05:23 GMT
expires: Thu, 18 Apr 2024 10:05:23 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85751
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/21win-cdn.com/img/500_i18_img.77110d4f9-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Hash1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 25292
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: "6620e289-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61049e71bfe-OSL
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.40 | 200 OK | 72 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP142.250.74.40:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File typeJavaScript source, ASCII text, with very long lines (2165) Hashbb8d6cea81c7f71676196cb71a5adb5e ba0bef73bc8c7e33514becffcb93e53bb91a8935 906cd5a5c1367ad967ac387336c1fda4cb0bb1f313f4f3925990ec20da205ae2
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:05:23 GMT
expires: Thu, 18 Apr 2024 10:05:23 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72281
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 8.0 kB |
URL GET HTTP/21win-cdn.com/img/lucky-jet.f927485da.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashf62335384c1e4b23fece46ecf363a7fa 7fc6ce0a3465f8370af1802604c6f54cdca43473 482f55059c169c2f8707e606c393c1956adf4ad4e22d8c6776001a2bfc86da50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5022
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b8d501bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif | 188.114.96.1 | 200 OK | 6.1 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash172757f78e8e2026f280f94f4d032035 17cea3940511dbbbb5077e78e28ddadef3090931 f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
expires: Wed, 24 Apr 2024 20:17:42 GMT
x-request-id: 6wlhy8CqiNIlKW3HNigYq
cf-cache-status: HIT
age: 49662
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gg5VE4NND6d1mSnfwZGs0eJeaF9VdQmTkkMyHCxpYzU%2FmV5zXXU0GteGPeJpMxFDUQ9MWmJABEnz09p%2B9GqwCsIPtrGFeC%2BjLK5Hat7zTNzvpEr99BqM6hYd3vrihTX1PN5rgWVvbes%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61159ad56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 188.114.96.1 | 200 OK | 5.6 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashbaf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 5K4g--Pyiqr6b2Ea_4rTn
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rkd2g2mz4TniYWnovzhbUI7rbqW5cEvTpKvjeQtx7M%2FSGooBU5K3hh5X2FGyIZtznyJ2APuGKKXmsbTAxlQcGd6kZEoe4rRPRMwhTPSbBx3K2EhUTUvpFYPV5yST038LCUraGhMHMog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61159af56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1290.b71054ef1.js | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/js/1290.b71054ef1.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashea5a160a46b9edb89a421f57cc968306 7aa44e1126c16df21e9c3332df05c6a18ac36512 58afd917efdf7e1bba09393b2d8da0a9cececb6b3d818294071ab836cf61188e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/1290.b71054ef1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-20fb"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 775984
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a6c6c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 14 kB |
URL GET HTTP/21win-cdn.com/img/habanero.92654c79c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashc304a35282859cc1e3a67a1115de1c81 2f712a00aa6ef69a64915cad8bba0e0386172d1b 2d67f0860ae714fca72bec269ca19e2fc560e93067423619e381e2225bf38ea2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6133cb81bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 188.114.96.1 | 200 OK | 7.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
expires: Mon, 22 Apr 2024 18:56:38 GMT
x-request-id: kRpnqKOPXudhGZD4vHPWX
cf-cache-status: HIT
age: 227326
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IdUhjb0EWnKavEFwt8E2otZfF9kzDyBW1EMNP%2BiDErEa6iVfncuYlH9ZpqXNjiAJ%2Fap53iqeTFwCADPMXRalV1khQtMEl%2ByIAoSjMTMLtsG257BoxIYKW1RYsVT0bfevdDWYZGTL%2BFk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614ceda56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET HTTP/21win-cdn.com/img/playbro.9ed310f23.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash540e1f4998e1a31a90854c743a7f26d8 8b891d66f1eb9e0c50961f6d3586f165a2afff85 3330eab2c64b511967690e4fc4f2a0a12904d6e3bae252a1b32e06f6b67ab254
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ad1d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bgaming.ae3573ff9.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/bgaming.ae3573ff9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashccaed7d99204091151e67f6a8ab7a1f4 12d303451c0ea2136057f9339c6cb64e819d4289 4c6393761cbadabf39b71393d49922d7cc9612e9f66f16be75fa70a9e7c53aa1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6127bfe1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 9.2 kB |
URL GET HTTP/21win-cdn.com/img/hacksaw.5f0e80ecd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash378b1d623d77b2927a38cf8df24df7f1 37c110a177bc4e485e585cc565b1187e9c702fdb 561a25e7b72288b30ef150bb23f71be050623749207bd327f2f99f8dab2bd365
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6133cba1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/agt.893343a61.svg | 154.197.121.128 | 200 OK | 31 kB |
URL GET HTTP/21win-cdn.com/img/agt.893343a61.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashb7e6caaa3c184b6ff1ff4cb27bce3ce2 01fb63b48923e159029791e480ec11847272eb1d 0cb490c16dbf0419dac2d11811ad1ad9b754e587d216bb4fb2c6e9c82b13c88c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611fb6e1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/js/20420.30b3c996e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash3ae0f89fec49f8fbffa3fd163a6c74e9 ba31cf24a92b171bddcdcecb014c6cf4c7189378 aee881ce1385817982d3eb907eacf164f273b39854c0af8d3350dcccd83de164
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225749
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6125be61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/bet2tech.41863da88.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash48e339c494f25cc5ebdfc8386eb450e9 3f31b1064f619d9b2757e65841e6896a9aa8acd5 161e3f44bd0df106ab00903d05e39de3e4e745b809cfaa72536c1092924a5e37
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6125bd11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif | 188.114.96.1 | 200 OK | 8.1 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash7e8efe46dde9cda3cd4a173d23aa609e e285ec6cabd58a1f137a323c2795da808c5c65e8 3256461de8e961771cf7d1d55f8a438667b73a8363f69c460026643981a2c1cb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8148
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZTM1M2QzLTJjM2QyIg"
expires: Mon, 22 Apr 2024 10:08:54 GMT
x-request-id: agK_DcwTt9HNC0n9ThMdZ
cf-cache-status: HIT
age: 258990
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CeCEebLQ7TXT9%2BTghDl5u3dBIIL1E2kNKDWFtpnsPoDUH3ceyULH1ZD0dIUZFWWxwMXfkEhOk4nrcvMcRyaDOc%2BuQf%2BawKAgqyL548GykrgG%2B25xuunjsDIL3XOnFo1xAGyFqdkecUM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cee856ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif | 188.114.96.1 | 200 OK | 8.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashc11c2d14d41a0b2a51d3f53a6da4c24e 45ce1e0bd439d9e86de2439208f4ae916a458edf 4dd61a323da69ec08bf6847c82a55afccc0a01586ef111c3f19b8c8a6e24bbe0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8463
cache-control: public, max-age=31536000
content-disposition: inline; filename="d0e532f1-4415-468d-aa3c-dbc88f46f22f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQxNGFiLTFmODcyIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: RJIyPBnOYHaf-dKyUe0Z0
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1nadREW70PwoeqiIgZkklGGAT3GTC8Z32fugruP26CKryfDWQet5A6RLXbhK23QBltWqw6KRleKXQDvUV%2FaINftXKIw0Fb2vVpFNnaio6S%2FUlR%2BqmGcqX3SmPILHWUK25rxyq9WiLo4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614ceec56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/goldenrace.4bb50c89d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hasheb81e912c5119a5697a102416f099687 da16b75e72e9f57f1bd1ef2b7203107d91749e53 242a5ccb3ff834954b102632e27838fdc0e0e7d7a2934de478083109b815b820
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6133cb31bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/fugaso.1a40d61ad.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashae16b736338aab1d823594cf53fd8e1b d332499577a2f95f2a707a6cb67e8ca21c1f04ce 083ac046af84eae3d6929ec6f34e2b52ce93b96ff6b7468e15c6b127eb3d73df
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612fc721bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash69589818044ff973aa67c696e7e394fd 0f03ad92c7eb38789b111436be2e733faad871a4 11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: KuHp8WNfoKJiMDUD-Mcd3
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A8h1SSzPsVWz1foOXbwsK5vyXwPISZNApM4jKBceTW1u2SENDs%2FitI5C4ZJ%2B%2B1xEVOW%2B4IO0kfb86uwUuMkO3e%2BDedtVHqa994LVyGkx2qBjx2KEh%2Bo%2BgekItLQR3TXuWBWxCembGis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e87e56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 8.4 kB |
URL GET HTTP/21win-cdn.com/js/57460.093f52cba.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash333f593aee89304401a6509b3e452fa1 2a36167cd8dd2657048693910cd7f156b95fb5b5 8ef69d2bbcba12eefdd2af897cb04c721827eb903d8deda4b33a2ea4f134b7c8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225749
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611db451bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET HTTP/21win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashf764c199424bb861305e221bd8e3d6e0 22c5dd87ca934aa3c10b296a90406e94c660cb05 2df667631e37b19499bd72961d63b0f3a2d2ab0b0f5f076ac2aa249a1f04525e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61039da1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 22 kB |
URL GET HTTP/21wrwn.com/firebase/8.1.1/firebase-messaging.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typeJavaScript source, ASCII text, with very long lines (40719) Hash450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; visit_domain=1wrwn.com; core-sticky=http://10.233.81.203:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0aa-fffa-72d2-90c2-4614282bf162%22%2C%22%24sesid%22%3A%5B1713434722462%2C%22018ef0ab-009e-7530-a698-34f74676cd97%22%2C1713434722462%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxZDUzZjE2NS1mNTRlLTQ1ZDMtYjE5NC02ZWFmOTYxY2RkZDAlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM0NzIyNDIwJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNDcyMjQ2OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 3
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg | 154.197.121.128 | 200 OK | 31 kB |
URL GET HTTP/21win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashb39f1211e5ad4391b32b1ae389adeb78 7debd8dac7a056355680ed7208a24d1a4fc715e9 652cd1087edb863776691886a5cdb2020b70e9e4231631ffccc91408f43dddc3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
etag: W/"661fde63-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2354
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd98d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/js/46665.703cfe1de.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash857c8345699960e9ef01a9b46b02fc94 f0d4e62a3091a0fb3df4a28fd0ae94bb246375a0 e7087e7f09d06253010e9352f1555f2767028055e164810bcd3e16ec81a5d774
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225749
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611db521bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/1spin4win.bb21057a4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash39211f4a6f6a58d2e3c2785231189873 57c504303a446f49206e7032ace34ac0a18763ec d2df376250e7b77501c7fe6f6b3f4f24ca342cffe187b0bb09c14a84ccdea7b5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611cb2f1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 12 kB |
URL GET HTTP/21win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash02606543a1675cf258827ef85b233f0b 8e331de63c0aeaf548638b14e266daa168ca352f 74eb9f44456832c8fa42ae78ca81f1b4b0e1a4db8126d68ac9af3dfdd26d8fa6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611db421bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/fifa.604717ea7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash29ea461056bea3412784d2ec7b315bb9 518fca01b47225ee481bb6d3f8178fdbceac9606 985135944e0c5bc6c79e34c8bb3a17d3c5425f3cb71f8af9827668715aa4e6ea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd98c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 24 kB |
URL GET HTTP/21win-cdn.com/img/leap.f4cfad944.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash09567720e16570dc0af5026e41959e6c 3335d89a6b32d1c12d611aa7759e9c5eb2910670 9738e6fbd41a912984a2f83aaa4abe6ce43aab69dc8ef4798078ef255223236f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6135cd41bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash2bb5dde390003652a0eb9ebe2ec82506 a380f9976a7e050fb4d5d16645fb739f1c012635 8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: QMJdvaCksJ0h6mJwC6n0J
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYmqlrnZHUx0nG5W1HS1b3nBh47o0%2F6SJsa7eRDManvvAQKHV5qxRD539RSF6eYKItVvVBG9fmR9mhGYa%2FH84zj248uDwWqF%2Bw81nZHOTcgQkJjnTg8cQBU81bh%2FUBEWID28CRGEbeM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89a56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/uefa.093dd4fef.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/uefa.093dd4fef.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash222658f9aadde45a0b64d2767f799302 8a29216eecd09772c4e3a3f52096d7aa9ea432c7 b865079890dbe7128beb2b54710b0f094e47eb3574ee6648d34046ccb3d48351
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd9811bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | 188.114.96.1 | 200 OK | 6.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash4e7067f0087797bc8a2752288c82d468 7a97f30b9cf7b7c0167847006aefcd3411e4c414 626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: Y6cy0Xwg6dY5io0XtPfyk
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LDEE0BxcCcEmOq8cnJTLWNY2uJn3AmwuropL38NVIp89Mv8t%2BnB%2BKRKjSdtXNzBF0900hBipG9i68dpfLEuOrQf2ye6Vp3CG3wi7Z5JTXdolaWUWfpVsWNUYjS1KKO1x311rEHxfqtY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89b56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.78 | 200 OK | 3.9 kB |
URL GET HTTP/2d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png IP143.204.42.78:443
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typePNG image data, 124 x 48, 8-bit colormap, non-interlaced Hash3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Wed, 17 Apr 2024 18:17:51 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: wrZTgs0nP_WgeYrX0dV38Yj6eKfcJ431H_83ZXgx4WVocDSlgMkbrQ==
age: 56854
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/bf%20games.7559aed26.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash702e736ef6bef7839343e16967236b7d f120319d8222f05f8ee93f539a70867af21ab7bf 89e57626a12f39b68f0ac8c4d048e73d3f8259a7657987830336a0a152d0559c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6127bf91bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | 154.197.121.128 | 200 OK | 8.0 kB |
URL GET HTTP/21win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeUnicode text, UTF-8 text, with very long lines (10345) Hash876e33a6ddf78565f961cfaa24ac20e1 266068c2cb0591ab672cd8d0aeb53e13f3bcebe9 6e77a575cb5f6dd09a0031c421767ae87af3e5f33f49c189d46af91e92956c16
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"21ce-wm0kJUuRnQV5hIz8GnyJyj8sQkQ"
vary: Origin
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=dLmfuKkTARB16mEETvChU9tFqslV1YvjV0HjZdnrUAs-1713434723-1.0.1.1-uKGK_lGMZU6mjxRZ.zsxPjuXDVKzhL22_xbW4K0vOTahdJ8yH1PBGMuLAmyuTg7gIkD.hm3AED3lbamggydcwg; path=/; expires=Thu, 18-Apr-24 10:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8763d60e5d0b56c7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/superlotto.0b2069aeb.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash963edc59f603c3d32cc8c927c435849b 13715779c67cff9e8004da0f82980c6caf090db7 fb399ec1c3d10d6d05527fe9d9f63626ff98af0783921718f06c9401964a9678
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143da31bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/liw.134f23084.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash4e486ba9eeb009f607216fda00bfcfda cb0bec3f63cfc96879276035a28d809ebb3ca7ef 772721dcfa27759937b9b110f63fcccb9df0a7af38b47f51338a861b6edc8830
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6135cd81bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/playson.2ff1c7d85.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashedfa7bcb892aefebf9225b244aec358e d7b84d71f736a3130f3da1b6c7601bef7e2d9989 3f9ace101c3892b4d5b61f7ccdb9f2b8723a961d26b48195617e403b0981e593
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ad211bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 7.9 kB |
URL GET HTTP/21win-cdn.com/img/betsolutions.5d0a153ca.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashd505b5ee45eb7a693b874c9a1ccde78a ac9781e51a2b243f876ff00607925326e420ac6f d2d16e7e13b3fa2a7c194a39929df3431d1aed5b884ac72b66e03fac2e4f8a0f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6126bf11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET HTTP/21win-cdn.com/img/games%20inc.64fb099a0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashb4f70c5ff4e57ef150ea42d0637948c0 16e672990b08f85255646ad5515ab0c5d6e0066a b1c462c21e3457ecf890ca2e7546259eab58c4a5eabfa8b3036e11280d94a7c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6132c9d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 9.5 kB |
URL GET HTTP/21win-cdn.com/img/playtech.cecac3222.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hashbd31b38b94f2ea2ae9f6b8c818ecb907 eaded8a8d704de8bcdf3a74946ba2883a2b814cc d00c1b1b2bb0ae14a8bf42ea4bae6484d8a44bd8e883f700f6e1c7ce5de70a8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ad251bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET HTTP/21win-cdn.com/img/kalamba.6e06f7faa.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typegzip compressed data, from Unix Hash0acaa49a8d716f208110456ac7943af5 46fc20a8302c80080bfcb7bce4561216d46f6ba0 d6189a7dd26532d951db46a554440e7b84d922965e6de8510552a1596e83abee
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6135cd01bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus.75b0226c8-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/21win-cdn.com/img/bonus.75b0226c8-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash8c760c7064f0128ae142377fd17b2a06 edfcaffb6cd42075bfecedd2153fd44764d69df7 32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:42 GMT
content-type: image/webp
content-length: 47824
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:42 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6837aa91bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/21win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash5495ba7e07dc7a05a6008b8585bca92b f8dadc060dcf17862805f72d7815c9b9b119375e 570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:42 GMT
content-type: image/webp
content-length: 47816
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:42 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6837aa51bfe-OSL
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=26425 | 216.239.34.36 | | 0 B |
URL region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=26425 IP216.239.34.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=3&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=26425 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wrwn.com
date: Thu, 18 Apr 2024 10:05:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| static-adm.1win-cdn.com/banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png | 172.67.181.254 | | 343 kB |
URL static-adm.1win-cdn.com/banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png IP172.67.181.254:0
File typePNG image data, 1508 x 484, 8-bit/color RGBA, non-interlaced Size343 kB (342614 bytes) Hash0fb32faf4a0bab08c2c43bc2b8fdc7d3 8d602f523f52894cb61ca15a6cee68a338c5b2df 27edfbfd0e130fbd615b00c70e3622a291ff52aa7cd208cd07b67890657023e5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:50 GMT
content-type: image/png
content-length: 342614
last-modified: Tue, 13 Feb 2024 22:31:52 GMT
etag: "65cbedd8-53a56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2031
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ES2gfrUskVDCEoe9cpPAbmFNkV8024akrzf6zk54ag%2BijFxCryif%2B%2BvjzhyQZ9Vk5aTPaGCYsJ7JWsaFqGIPnMNMpcY1IDfVQfz6NoK9H8ttbPFYz%2BNt0wciCf%2FHvm8aKaTHrVEWVSYgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6b9481f569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png | 172.67.181.254 | | 688 kB |
URL static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png IP172.67.181.254:0
File typePNG image data, 1508 x 484, 8-bit/color RGB, non-interlaced Size688 kB (687886 bytes) Hash77ba95ad8ddaa7f3daa66a219bb6cfa2 ec691214380c50d53169cf50a5df33224ddfea98 6ead41def293f3004e67e4101523c17c691a41b7b42fbdf58dfb1687101628bd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:50 GMT
content-type: image/png
content-length: 687886
last-modified: Tue, 13 Feb 2024 22:30:34 GMT
etag: "65cbed8a-a7f0e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2031
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNV1oQD9fog9PHvmOaT2vsZMQWidqoftrhhpu0%2F5EzKkJhtx30tsdYqv8fSjZoaN7VItWB2eOk5H9v8GZPFWi7YjwryyNKKu2ix3rnsXl%2FqwKeqsTWrB3sX%2BJfoMx%2BcPMEohsa%2FOx%2B1JkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6b94812569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/amatic.1ad22f1f0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashbeaad3ec246cc02d25e05017a1e1739a 391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7 184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6120b821bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/spinmatic.f74cf69af.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash12c6733c47b71d93b36447dcb999d080 f6440015ef35215d9009b4f08340145df1f7d9e1 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143da01bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=386763772.1713434725>m=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=889710451 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=386763772.1713434725>m=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=889710451 IP142.250.74.163:443
CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint0E:DD:25:54:7B:C3:7F:EC:27:35:B1:EC:15:C4:B7:D2:09:71:3B:68 ValidityMon, 04 Mar 2024 07:26:33 GMT - Mon, 27 May 2024 07:26:32 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=386763772.1713434725>m=45je44f0v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=889710451 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 18 Apr 2024 10:05:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 828 B |
URL GET HTTP/21win-cdn.com/js/91217.fc8dbcaea.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (846), with no line terminators Hash873b0a1f00b7e367ac6843a8b9e80deb b9333e21da514f326abf81822702b8897c39fb48 647917f9f3afebc3e96f7512bdfa2faf4e3b02948b908fedc205a18a5aa4c76c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2cfb1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/smartsoft.d8a4b520d.svg | 154.197.121.128 | 200 OK | 299 kB |
URL GET HTTP/21win-cdn.com/img/smartsoft.d8a4b520d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Size299 kB (298969 bytes) Hash6bec0d360a5db76d67f9da29d3d4d206 614068b8909c0fdf885888290e5c0d62cff35951 df436f88f7f3b8bca45c6f8717853ca32849bb220297851fca614a4d574e6eda
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/smartsoft.d8a4b520d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-48fd9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d791bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/thunderspin.2d11ae63d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash604f41c295f537f07943cfe15d6f15f2 ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369 9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6144db11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL GET HTTP/21win-cdn.com/img/upgaming.242b9e921.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashaeb4cc1caa82c4f55b3598ea0c7003fd 8c1eec585578ba1c3803b2d6b724d67cb8e3de25 236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6145dd01bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 188.114.96.1 | 200 OK | 7.8 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
expires: Mon, 22 Apr 2024 09:31:24 GMT
x-request-id: wdVogJG6lGKG5dXt_-vLW
cf-cache-status: HIT
age: 261240
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpRykkPuFlDrvRxzcD4jmcSLsfDydqiKYdxj%2FvWA8fgeaujcyVqbN3h6IoasnQhmQNFU4GP5NVT5UB60N%2Bg3HAk0UTQ2%2FZ9%2B2K9O82XBVOlt%2BH4JWX9gqO23fcjPFZzT59Axk3uhxNg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cee556ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/evolution.acb5f3085.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hasha27852d0f8f77af9c6a274605b932984 415500832c34ac475d87411fa799dead414701b4 c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ec5a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/wazdan.1cf2cebcc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashf19410782a9e906c5987a9ec3dec0a8e 9df4dc8c8b7defde41a5caea964099dd1c882245 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6146de61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/common/title?path=bets&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL GET HTTP/21wrwn.com/common/title?path=bets&lang=en IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; visit_domain=1wrwn.com; core-sticky=http://10.233.81.203:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0aa-fffa-72d2-90c2-4614282bf162%22%2C%22%24sesid%22%3A%5B1713434722462%2C%22018ef0ab-009e-7530-a698-34f74676cd97%22%2C1713434722462%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxZDUzZjE2NS1mNTRlLTQ1ZDMtYjE5NC02ZWFmOTYxY2RkZDAlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM0NzIyNDIwJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNDcyMjQ2OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| eu.i.posthog.com/decide/?v=3&ip=1&_=1713434723967&ver=1.126.0&compression=base64 | 52.57.233.141 | 200 OK | 505 B |
URL POST HTTP/2eu.i.posthog.com/decide/?v=3&ip=1&_=1713434723967&ver=1.126.0&compression=base64 IP52.57.233.141:443
CertificateIssuerAmazon Subject*.i.posthog.com Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67 ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (549), with no line terminators Hashf6979cb8cba62aa7b6e613bd7f7a1d88 fbc60ed9ec74a637c060acdbe79cc56311520dc8 9f8fba1211d92ea0d3de72c4871b9990bf6a85465bfbd8eb4a13854096ed35a9
POST /decide/?v=3&ip=1&_=1713434723967&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 275
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/json
access-control-allow-origin: https://1wrwn.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 32
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL GET HTTP/21win-cdn.com/img/swintt.7c851d380.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash90e9054f87471fee18244fbfaa5c2434 e4f14ab709714096c57f1e9941c4f28aacdae8f0 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143da51bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif | 188.114.96.1 | 200 OK | 8.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash5c0f019b7d2474cb160b5fbedfecf4f2 7a746b5e34d2001898dd636bba1c30ebe531fdff 5619d0886bad7318d829374a6a01b4325c9d6262e6a26670ca413259ed6dce6e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a6bce22c-f7ed-4ce4-9414-3a9c284f6175.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8016
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6bce22c-f7ed-4ce4-9414-3a9c284f6175.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGE2MTVkLTRkNDcyIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: MYWC2Pm9gpQADGH4OeNaI
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTWvrI1Vpvh6yqJSZEawh8raG%2BnxR0wPhZrREu59HwY0%2BuGMJ8Pb0%2BpPBJ9n4mpIZ5UV3W%2FSYHHL8cfCmxhm1zCFt16mkyzvpqwLgvFwpQZO2jwLcvsyXDHk7vcb%2FgfFUvSFDupy5dg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cee656ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif | 188.114.96.1 | 200 OK | 4.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash4e85a0bde3faf39a0eb79d1afbf94a3c bfda6edfa14599e73e5a8096ae707b7355fb9d2f fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
expires: Mon, 22 Apr 2024 10:47:35 GMT
x-request-id: Wl4iSFCKcUeoYO-SAogvI
cf-cache-status: HIT
age: 256669
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bG3B1NPvAPP%2FaD2cZrMcSS0wddmDUpBnsZzGANVJdsPBTGScWHPWamEV4odUzShXeJLuY1gfXskW%2BNTySu4ElP0m8GVwNb1LzPrjzrbQmA51629%2F8ES22FjjRxdRAzrqdyyyMqcuY6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e88b56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL GET HTTP/21wrwn.com/img/icons/favicon-16x16-darkmode.png IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; visit_domain=1wrwn.com; core-sticky=http://10.233.81.203:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: image/png
content-length: 344
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: "6620e289-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.40 | 200 OK | 257 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP142.250.74.40:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
File typeJavaScript source, ASCII text, with very long lines (5955) Size257 kB (257140 bytes) Hash2ebe999ec1f52590c95f8fa21b883eb8 cd83bdf58ebec95b57b7fabec6180d20e9cc15ef 819415f06af4141d0556877af96f77a393f1a621efd4990a24dd3913dc8e19d0
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 10:05:23 GMT
expires: Thu, 18 Apr 2024 10:05:23 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90052
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL GET HTTP/21win-cdn.com/img/cool%20games.019d15340.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ac2a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET HTTP/21win-cdn.com/img/spadegaming.8dc1e9a8e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143d981bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif | 188.114.96.1 | 200 OK | 5.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash7279b460c2c3e6897dd82c41cfffd757 85daacf8f09fadca09c4d8ba11ab198978f2192f 70375edd591015991ebab6f221adfb5f6ca4a8a9814a56f52d339ba6fd991b9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/3570f391-99ef-4e57-9ae5-c12a42b6e98e.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 5888
cache-control: public, max-age=31536000
content-disposition: inline; filename="3570f391-99ef-4e57-9ae5-c12a42b6e98e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDk5YjU0LTQ2YWExIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: -QGkhguJ1c43_hJ04T3hV
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYY8QlCza3Crr%2Fyt773iClOd9bc6SLY1K1AVUSvFw3JD02go%2B7LfNcoRB4T1LotxBGbLk6tVB2UXrs2vN3SJcjaQQcyIBV0GhOUPy6y%2BBpp%2FXpQS4s4nTMWroIwcaCebDIpwHxDxO6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cedd56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/39061.b6ef077a8.js | 154.197.121.128 | 200 OK | 92 kB |
URL GET HTTP/21win-cdn.com/js/39061.b6ef077a8.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/39061.b6ef077a8.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-16929"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a4c4c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/onetouch.b026a50c5.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashf04cb7d15621db8eda5af2216a4f824f a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6139d0e1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif | 188.114.96.1 | 200 OK | 9.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash0f8864e9375258e414b04c6732d13b3b e5577d640e162a5d812d94c60bf9d8aa2ef0dd46 2f41e33d30919a1521364450bb1e867a1f7851f25f7ec18b0325fc51f123793e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 9286
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6dd9f4c-282a-4040-8fcc-256b4d959834.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NWY0Y2IzLTIzZDY3Ig"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: 0c8SVU5jqt9MkpZyg2PbW
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7cLhNHSmp%2FHabGGFn17A3G65whjQXh9dIw0TxcW7dORiBWt1B4IgjEFOUBigQm1mlC8AoJDPE8n3lPJK9RpTVAhx8AhM%2Bi1xY6JcOU4NtEjiAxIBQWMEw3CUywzQjuMDyaEC3evU5WY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89956ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/63502.3be0ae454.js | 154.197.121.128 | 200 OK | 422 kB |
URL GET HTTP/21win-cdn.com/js/63502.3be0ae454.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size422 kB (421690 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/63502.3be0ae454.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-66f3a"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 3222
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d605a8871bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 20 kB |
URL GET HTTP/21wrwn.com/firebase/8.1.1/firebase-app.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typeJavaScript source, ASCII text, with very long lines (19927) Hash5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; visit_domain=1wrwn.com; core-sticky=http://10.233.81.203:80; ph_phc_g0UTdOPocaIsKP6mrNYRhKJrTmq7XwcuBgfYvKmPnj6_posthog=%7B%22distinct_id%22%3A%22018ef0aa-fffa-72d2-90c2-4614282bf162%22%2C%22%24sesid%22%3A%5B1713434722462%2C%22018ef0ab-009e-7530-a698-34f74676cd97%22%2C1713434722462%5D%7D; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIxZDUzZjE2NS1mNTRlLTQ1ZDMtYjE5NC02ZWFmOTYxY2RkZDAlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEzNDM0NzIyNDIwJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMzQzNDcyMjQ2OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | 200 OK | 958 B |
URL GET HTTP/21win-cdn.com/js/35967.a72ac7974.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (986), with no line terminators Hashf101f5dc77f24d2d3912e2c93bc1edc4 49f1e57d6778aad6b5a46d2cfb37ca3211dc6374 ca67bce590a2a7f3283eb1c50196d936b87658532ef3ac5485ba1459ad1577f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 618505
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c5e191bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL GET HTTP/21win-cdn.com/img/apparat.f7a706d8e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6121b941bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | 154.197.121.128 | 200 OK | 27 kB |
URL GET HTTP/21win-cdn.com/img/barbara%20bang.790acb7dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash287d95b42ce0b42532a5c8caff190779 6d6b4d0d17c558215c719336d124ba53a7118083 739c17db57dc727e751e65cf1d4aed12fb371a1e40060a3b22c92e630219e945
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6124bc61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 786 B |
URL GET HTTP/21win-cdn.com/js/78449.1776bac9f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (804), with no line terminators Hash3997e692861614602ae0ad581192673b 274ba9d8795299558fc25f0bdceb6997a27b8a4d 70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225749
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6120b811bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/pg%20soft.fdb9d6567.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash71eb5806fcdd473839d2654d03c3fd5e 76a63507f2c2a26ffc343182aaa5d3278197ab88 dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6139d151bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash2575d269a08f870a79f69eda71b93d5c 0423437f25eacb10ab31baa05a81f5fc8eb9496d 4768d4250c6b267c70448e8153b36a1d1e25f7c84d4544c27d13852422b51dd6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7678
cache-control: public, max-age=31536000
content-disposition: inline; filename="e616b239-a47e-43b9-a050-50c3662fbce4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjhlMTg3LTZkMmQyIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: uZ5AA9Vr_q8ke5ty_74l2
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FeNYMct%2FBSlu2nf4HDxS0zYjr0Ng%2BpKmBtLUjT2WlcEkWOLxjM2T%2FbbRrD%2FTQQy1DBgvIpNVSBmQgTZWpOt3zkqCZ56pKM0ng%2BBobvWBq%2FVCPh%2BajOZMX%2FUgM8Hkvg%2FodOT%2BzwBDaoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614df0156ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62825.cf3a1caf6.js | 154.197.121.128 | 200 OK | 736 B |
URL GET HTTP/21win-cdn.com/js/62825.cf3a1caf6.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (768), with no line terminators Hasha56324a88fee02690b8a3ed35e889018 18e9af315ba78b3b7f467894aa838ef2eefee254 dd0ed1a086018d01466171d96d3c7d99fe4a0d88e8d965bd2d08f31dfa541202
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c9e531bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET HTTP/21win-cdn.com/img/genii.367222bbe.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash237593257bbdb3559e06330cf7e76c54 c3e1a90bb3397fff3428fdd71d2a4d7df74ea164 2b84c2a6e55531b52b615ebaba90cd7bb757fe1399e901927b4aba9f1718b097
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6132ca71bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL GET HTTP/21win-cdn.com/img/7mojos%20live.cb6749a25.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash63dcbe9ebaa3f238a8c0152142b06a03 cac36df8800a2f72b9b51f9eeffd74e82be4ae7e c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611eb5c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=8997 | 216.239.34.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=8997 IP216.239.34.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wrwn.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wrwn.com&tfd=8997 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1wrwn.com
date: Thu, 18 Apr 2024 10:05:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL GET HTTP/21win-cdn.com/img/aviatrix.b5fd712c8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6124bc21bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/21win-cdn.com/img/mascot%20gaming.21cafbe70.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash692c90ac31385db12fe64a48ec01b77a e9249716fcbdc6e0b75b798d0f37ed6942a045da d0b041e1a396908bda558a5d224edb3cd80787d88910beb2fdb2dc4e5186045a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6136ce61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | 200 OK | 16 kB |
URL GET HTTP/21win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hash2018c59c5dccfaec96873d1ce9a60276 46ad94df758fdb9f0a257d99fcf52314cf5df926 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-4375"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2efe1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/affiliate:link_visit?visit_domain=1wrwn.com&sub_ids=undefined | 190.115.24.78 | 200 OK | 37 B |
URL GET HTTP/21wrwn.com/affiliate:link_visit?visit_domain=1wrwn.com&sub_ids=undefined IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash2f6af1a09e6d352c1603fe2326189744 baed183cee7c7fd534e8519a683c9f398e696329 7dbce63a298c62ef7fd9b97b1512bcfc0fb402338670dbd194362e0ffac42458
GET /affiliate:link_visit?visit_domain=1wrwn.com&sub_ids=undefined HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrwn.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz; visit_domain=1wrwn.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.81.203:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashbd11730c197227300ae5e1b00b8cc637 c0e28cfb09642e9402f12f9c6677242ef671de33 2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-116a"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d1ee21bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/truelab.ec113fba7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashedd84be1aaadcb0b503864bea380f168 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6144db61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/turbo%20games.0a45ae56b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hasha3d3ed5aaed2f3fd7a089aa6b6e00aea d366f4c84c203fd116575a62676b89bcd97c5816 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6144dbe1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL GET HTTP/21win-cdn.com/img/silverback.297288e25.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d741bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL GET HTTP/21win-cdn.com/img/belatra.1e7508387.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash3a3db4a05ec45ff249ff2330cc6131d9 d4e82a85d11863ae6e91cf542676f8ed0dc5a130 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6125bcf1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 841 B |
URL GET HTTP/21win-cdn.com/img/thunderkick.6962312e1.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashee06089b308c5065a8e92a32b7b38686 2e83ac75ceb109c245525a733cfb3efc97cc42bd 24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6144dac1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/evoplay.cfa676ca9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash7b4d8b1998ceae4f1e4defe0e5b322a9 b60d4fa2033a28349d7920647907368835ab514d ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ec5b1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL GET HTTP/21win-cdn.com/img/zillion.c0e3dd6f0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashd9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6147e071bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/gaming%20corps.5c3f3647c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashddcf2a0ddef8449807db0b7419c39291 9757b762ac3efb096bd45b869ee4d06565a1e9c2 f03dab28c20b3b25823b4b64bbd27953a463c5e9bd7b5bcfa12930f6793fb1e4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6132ca41bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL GET HTTP/21win-cdn.com/img/platipus.dd3b50ce6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash47208726d4dd191a03af9229fc538eb2 0ef7c3f6b3788794db7709213ecaee1b7558a5c2 b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6139d191bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| eu.i.posthog.com/e/?ip=1&_=1713434722465&ver=1.126.0&compression=base64 | 52.57.233.141 | 200 OK | 13 B |
URL POST HTTP/2eu.i.posthog.com/e/?ip=1&_=1713434722465&ver=1.126.0&compression=base64 IP52.57.233.141:443
CertificateIssuerAmazon Subject*.i.posthog.com Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67 ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash6890d920ac57c0903201ea84ecff6350 90b353103f5b99d1ec445372ecd1fdb388cc6401 b954598e1c0aca3614d685f546b623b9b09071730f110476c232193304bba1a4
POST /e/?ip=1&_=1713434722465&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1413
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/json
access-control-allow-origin: https://1wrwn.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 7
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL GET HTTP/21win-cdn.com/img/worldmatch.9f3d40aa7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc3aab966ecda4dadceb7b556b4205478 e8e501768b244593d7e5a59b6a7cf77e3b0d4581 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6146dea1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL GET HTTP/21win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 43512, version 1.0 Hash426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wrwn.com/
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-a9f8"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=Sg5pCEbCDBPSNrgE9x8x9.QbBJfNICTbcmnCPJRMqgw-1713434721-1.0.1.1-J04i4srHb_y2o_thuOyV6I9NFf1csRwX.b5ybexwQ8fqCZOXYI5rkcDjlndveU1Lx1zAl__i9eNj4HszwttM9w; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6023a5656c7-OSL
X-Firefox-Spdy: h2
|
|
| eu.i.posthog.com/decide/?v=3&ip=1&_=1713434722300&ver=1.126.0&compression=base64 | 52.57.233.141 | 200 OK | 505 B |
URL POST HTTP/2eu.i.posthog.com/decide/?v=3&ip=1&_=1713434722300&ver=1.126.0&compression=base64 IP52.57.233.141:443
CertificateIssuerAmazon Subject*.i.posthog.com Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67 ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (549), with no line terminators Hashf6979cb8cba62aa7b6e613bd7f7a1d88 fbc60ed9ec74a637c060acdbe79cc56311520dc8 9f8fba1211d92ea0d3de72c4871b9990bf6a85465bfbd8eb4a13854096ed35a9
POST /decide/?v=3&ip=1&_=1713434722300&ver=1.126.0&compression=base64 HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 177
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/json
access-control-allow-origin: https://1wrwn.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
server: envoy
x-envoy-upstream-service-time: 30
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/flags/en.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5266
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b6d3c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 952 B |
URL GET HTTP/21win-cdn.com/js/8653.ed7806659.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (994), with no line terminators Hash1a63c0338e50d3b4dfe4a7cea9098d20 3915a35a401582840fc4139f2a94260a8cc21c12 5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c6e291bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET HTTP/21win-cdn.com/img/red%20tiger.157f419e2.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashf0a8d4ae6c95b6d6b2b0bbbaa62aad9d 9ea188283d324f5c87a802c14ec3386167e7e2a8 4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ed441bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 244 kB |
URL GET HTTP/21wrwn.com/core-js/3.33.3/minified.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
Size244 kB (244105 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/slotmill.c42ddd447.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash39d48e4b982998cd10417bd09dcc0afc 541c60c508d7777db2cd0e49c18cf32219532dd8 3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d781bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 188.114.96.1 | 200 OK | 5.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
expires: Mon, 22 Apr 2024 10:08:54 GMT
x-request-id: wLC7bWAi7BoajwYRueYxn
cf-cache-status: HIT
age: 258990
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFPi0TTXYsgVro62M0e6IxjKYmC1nDBNuemkgIvMfFkWVIHF9IH5vvls91YOSfoTNbRrkZad6tjOwjI7KJTvFQWzyaqufaAMV%2F3O8%2FyIc9qLLOU2U3pDFWgBGOBfPEaHfbm8waZcDXc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cedc56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/jetx.64787fc5c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5022
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b9d581bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/elbet.701d0b0cd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashbd34c45017a4b3fe3d0813abbe16f113 2177a96200b95aa21ece71bfcbeadd200904c279 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612cc451bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/49274.4c19402d2.js | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/js/49274.4c19402d2.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, Unicode text, UTF-8 text, with very long lines (4858), with no line terminators Hash7462fa6cdc8857fa29ff834330aaa2c5 41127c3c4ab12c3a0d82ea05464235166f812264 b5d9424857cecde749df2d30a93b8c4ed272ad4baa5cb4fa456d0a1d55abbe95
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/49274.4c19402d2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-125b"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a5c511bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL GET HTTP/21win-cdn.com/js/1279.7681fe15f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (929), with no line terminators Hash3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60cbe851bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png IP0.0.0.0:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | 188.114.96.1 | 200 OK | 7.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash91cb93c7b3bcfdaf5be22dd889c68647 20c0af4b44bfe11283e15f237fa8c762a10d4711 c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: s8oX91cNOIKx4pyy9ZM2Q
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P7LXmQJ9DDULhj1ec4o5jeZa5O75234U1sGRj93wu1hXatpeKBk7wZVJvQqMqEGymhfJVeGZXd08ZPXXnDH6GIwh6vQEK4ANnFXVyzuGg5XCXKL00vYwLsZpEtGWsKS6%2B8FJFOxOAqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89656ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-vendors.4518b2e7d.js | 154.197.121.128 | 200 OK | 231 kB |
URL GET HTTP/21win-cdn.com/js/chunk-vendors.4518b2e7d.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (36138) Size231 kB (230586 bytes) Hashc4b15f512b08aa602a53b6e6d8f7d674 60460221425a34a40643a5ffcc12e92f8cf7aaf3 03aee039311e09271504896f7eba4ef4940489c4ed416e84832ac8926e3c4139
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.4518b2e7d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-384ba"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
set-cookie: __cf_bm=zeNBLaf84Vy4WooYmf3Blw299izPSJFx4_fui6lVpoQ-1713434721-1.0.1.1-LdE5e_CO1XuQFGJjv8tB_pxp.MIOWBdnIPEMhzwlEQYamluLR42gAg89FQHC4SQCvmd8jO3RNUpGw.MvNIOWbg; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6022d661bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.7eff7789c.css | 154.197.121.128 | 200 OK | 6.1 kB |
URL GET HTTP/21win-cdn.com/css/index.7eff7789c.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeASCII text, with very long lines (6130), with no line terminators Hash12639803befce09b072e0d9b8fa62f8f e78a7a568fb16b901eee20bf02dd15b0a02e8978 903403fc754dbbb436cc54a1dd1ac75442d82b8f0c7caf839b5a145d149a50f7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/index.7eff7789c.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-17eb"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225759
set-cookie: __cf_bm=EIKZQa07wD7siTXosqBTCKHfqV5ti_DIKJsJVQH6IMQ-1713434721-1.0.1.1-yVtyKx1ZlcmETyvKumVojHIQGuoKqePdMzMEljqmop16_CQCueoxmHVAwb3F7uNyxnR9fugkBbuBU3_5PM3oOQ; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6023d721bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 188.114.96.1 | 200 OK | 5.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: 4cFylK1dZHaCryCGNCwaU
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0YujILqGagsnjINJ4sQNKWmWesYMstVg6%2BHWAxy2SQscRzNTH8hbyHsmfoWRubwTVicFDCjs%2Fl46I5F0aHKUhMBoxZPJfWomqp7klvfveHLnomcoXAGdPxvUEXmDvXZz4Qzq82BCCqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e88656ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-common.9b76324c0.js | 154.197.121.128 | 200 OK | 192 kB |
URL GET HTTP/21win-cdn.com/js/chunk-common.9b76324c0.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Size192 kB (192525 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.9b76324c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-2f00d"
expires: Sun, 16 Apr 2034 10:05:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
set-cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw; path=/; expires=Thu, 18-Apr-24 10:35:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6023d751bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/edict.ca67383de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash7794e14088c92dc44e186b65dfd0782b f81ec0b93e38339b2e2f8f94d2f7c568b8943fff c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612cc401bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL GET HTTP/21win-cdn.com/img/mancala%20gaming.441ae5f23.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashfecafa12f578f5ced554ed31aba5c852 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6136ce01bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/pragmatic.2e7a96b71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5142
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613dd3f1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-home.d21abec30.js | 154.197.121.128 | 200 OK | 19 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-home.d21abec30.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (18922), with no line terminators Hash325c4a59d9bc91d434baa4a7563c38b4 070a43d12a678b20daf2851076340bf4b595d5ff da9eec33115c64c998ab64b58d507a763696e716f0573c9dab499e978e599edf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-home.d21abec30.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-49ea"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60bfdc11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wrwn.com/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 4.6 kB |
URL GET HTTP/21wrwn.com/img/logo/main/1win-normal.svg IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wrwn.com FingerprintD0:D4:98:08:C0:51:A2:A9:99:D1:71:8C:5F:59:90:FE:F6:91:A5:1E ValidityWed, 17 Apr 2024 19:47:10 GMT - Tue, 16 Jul 2024 19:47:09 GMT
File typeSVG Scalable Vector Graphics image Hash6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wrwn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __ddg1_=MKlro9cGwMg37YuuxgAz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 18 Apr 2024 10:05:21 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nhl.9b1a4945d.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET HTTP/21win-cdn.com/img/nhl.9b1a4945d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash776fb511daa35474ef8291916961aab6 58a4d5e39d8d100ef715b74a99bc5920259578f1 4e5efe564f1dfb5226aabc8c88a454033a02f175a7e9c807314a05b9eebc7571
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd9891bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 645 B |
URL GET HTTP/21win-cdn.com/img/fazi.19d7f4b72.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc2948d97afb6d8e1cf8e7b50b62a9272 a1607553e252407e35addae9b48c1cedfeebd048 309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612fc6f1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL GET HTTP/21win-cdn.com/img/4theplayer.f89265cdd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash5cb7cf2507e642be8dd905487dc5ab67 68ad93bac5948542dade50964d8384eb9bff3573 f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611db431bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET HTTP/21win-cdn.com/img/cyberslots.988fdd12e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashaeeace00abaabb5ae6a47e900873f09b d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612bc371bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 763 B |
URL GET HTTP/21win-cdn.com/img/max%20win%20gaming.00fa88483.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash6887ef2393d55338db36ccf501d3b364 cada230cfe07fd9fda37cfde92abc048879815bf 9a8cda3aaf7794cfa521832e211f826e61a93bbe5c0105671dc790b6bed65732
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6136ce81bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 188.114.96.1 | 200 OK | 6.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash049927e2f79d1b3f7c0db06be6378930 bc6a9c76a5027d6e63381bb7cf0ff70068d06792 8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
expires: Wed, 24 Apr 2024 18:12:09 GMT
x-request-id: yrl775GXM9Fh3TxtQq3wr
cf-cache-status: HIT
age: 57195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ml5I64W%2B44IPi%2Fk8gfGmXSb8yAag8km7Oka730jYkOg6XwsoKYSgwQ3JaHouONVL0q993MZZk7FezRzNCJT5szhKvC3feX4tbZnukBOeM3WSKCp7j1VELMpoV0uBBIH3S%2FAzFMBeUPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61159aa56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/21win-cdn.com/img/atmosfera.32402e33f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6121b981bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-casino.fd47961dc.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashcaf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225749
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6118aff1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL GET HTTP/21win-cdn.com/img/endorphina.20b721ba6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hasha89aae2f962bcb01ecb8e3ddd113b797 706e09d5fa8312ec4cd3c7ca606ad19edca158d9 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4962
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612dc4d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sa%20gaming.396c34ca4.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/sa%20gaming.396c34ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hasheec27b0a30619e016eae50d11f9a53b9 ff3da2add15102d508e5f361ba5fef6c01bafcc4 d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d661bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash4690a4b61d201902c45336db8106dff9 939591a5793aa03ab3071614e332b2b9d25e4c27 26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: 9wNFwtaW282-b_zyivNe8
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdKKfvsc5cMP0MRg9AQPyQxv8lxrGQ%2Fsu9498nzGZhSXEcUuff34ZUPWnDgOx8lTUGKuthSX6PFIFhBqYD%2FWg3hjcWwlsyJZed5Vy5uSXiBuYJAISoRJ3%2B7ecRL%2BECDoDeY8QdmdLb8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89756ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET HTTP/21win-cdn.com/img/rubyplay.b4553f39e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash3858ea5c6be5319073b0453eac475c1b 72be49666df66401b531cfe9658ae2b64f897b0b fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d631bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET HTTP/21win-cdn.com/img/yggdrasil.a6bc350dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash1156d7b0c16ee989276ab38995b5e316 2efca22c943534eec487d1441efc9c1280c0ce62 05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1205
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6146df21bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 188.114.96.1 | 200 OK | 9.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash7eb2cba4654091d306b65c6fe0a8f631 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: h1ybXC_OVncXLs2XUbjAU
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qs2u645TsfmX9qo3U21oo64WwrLrjNBat220NHgDMs%2F%2FM88TgqL%2Fq1Z23AY97SaTF7NFzlsq6Rvqd5HD5jzv47J3appI6kW8YoDdk2TN874pq%2FjQK%2FQfG8qfQhy9YcwvoruGoEGsN0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615f89f56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apollo%20play.610da8846.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET HTTP/21win-cdn.com/img/apollo%20play.610da8846.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash50314c7ffb9d11a02d2c58c66e124e29 3ebfb6e02132e3281c64e7866a621fc9ff43678e c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6121b901bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/caleta.b1dc71f69.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashbbba19a0f7e2c3b02a8ca7d7c833eb63 5dd340d9cc4c395174865b155829f3054fb29275 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
etag: W/"661fde63-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ac251bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| eu.i.posthog.com/i/v0/e/?ip=1&_=1713434725618&ver=1.126.0&compression=gzip-js | 52.57.233.141 | 200 OK | 15 B |
URL POST HTTP/2eu.i.posthog.com/i/v0/e/?ip=1&_=1713434725618&ver=1.126.0&compression=gzip-js IP52.57.233.141:443
CertificateIssuerAmazon Subject*.i.posthog.com Fingerprint99:50:CA:BE:B2:E7:9E:AF:21:C7:6D:3B:C5:C1:A5:C0:01:1F:66:67 ValidityMon, 15 Jan 2024 00:00:00 GMT - Wed, 12 Feb 2025 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash0e5f45e1f07c66593d640695360da703 d39b576f5b312e68ec85c6242605e555f728134c 5aad08d4950472abb6eefcabf4a0d86d2ccef9958f394f68c06d81db0e2b7149
POST /i/v0/e/?ip=1&_=1713434725618&ver=1.126.0&compression=gzip-js HTTP/1.1
Host: eu.i.posthog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 879
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:25 GMT
content-type: application/json
content-length: 15
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: https://1wrwn.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 316
server: envoy
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/18860.d3e8c1777.js | 154.197.121.128 | 200 OK | 28 kB |
URL GET HTTP/21win-cdn.com/js/18860.d3e8c1777.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (27990), with no line terminators Hash4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/18860.d3e8c1777.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-6d56"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239696
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d605987e1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamzix.c753c377b.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/gamzix.c753c377b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc9bdfac4b8a9fec4171e1e4eaada52d9 e0ecf83a680f3cb4750ca30306d444bf25e8a890 a9f4f158614d42eb732421ef41983f0cbfe1f29e95101bd315d0b3d238f1d21d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6132ca61bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/js/38209.ce0dbb534.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators Hash8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b2d021bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL GET HTTP/21win-cdn.com/js/31310.c605a9b9f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (546), with no line terminators Hash819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b6d3b1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size121 kB (121043 bytes) Hash3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c9e601bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/21win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 16852, version 1.0 Hashc4f31a30bdf4dbced79fb75fc03111cf 14765799051deb933539e19f1ffa26198cabd4c1 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-41d4"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=.DiUxmUBeZdyYVUFKIBAfRV00VnE565FfJDKxnXKsmo-1713434723-1.0.1.1-IA_UjgZZzF1Z1dW85kXAyD4isxDxks_zcqPyhMxRLeyCbh8Dow76Eep4z9hHTpJlVUUeNdYs.ESNLkjlrDDZ1Q; path=/; expires=Thu, 18-Apr-24 10:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60ceab256c7-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/ct%20interactive.74b20dbc3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashe709608dd45ff01d7f75d21bc3534e1e d45bc1ea2a957ab8113ecf7da9564be00207c6d4 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612bc341bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/quickspin.d9067a98a.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash2981087d9047df84f1f173886d7f2353 27ee3db1546e61fb1042fe15065f39266f85bcc8 5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 605
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613dd421bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif | 188.114.96.1 | 200 OK | 6.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash45ccd50f5dfaf7808c6795422417f214 38499698cec05af36aa2bc0e390952e400486003 50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
expires: Thu, 18 Apr 2024 10:33:24 GMT
x-request-id: 5dOF766PLQIqOPFueIAjz
cf-cache-status: HIT
age: 603120
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GXWELm%2FnxqRkbMowauaw%2BBjsqyj5yaZDH6I9%2B0iENCxWYoSsbKj4qnhaHZA9G9cEl1h3mk0eWvk6zD%2FoyvacgoqxHvTKShLLo9LT%2FYdMHgH0jeSkRXo9EqnFlepimErHmC9Ork6t8g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e88356ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL GET HTTP/21win-cdn.com/js/57652.297e4ecc2.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (667), with no line terminators Hash53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60bad701bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betgames.f9572e26f.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET HTTP/21win-cdn.com/img/betgames.f9572e26f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash22c1b0dd1e37b9c443eda963fe76d96e 7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd 058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6125bd41bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/betsoft.cc500155f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashfa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3342
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6126beb1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL GET HTTP/21win-cdn.com/img/wta.c6d5e2ef3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash040d7f0a9e965031fe2520530582a5d3 015a448fc7cbd8ca0b74360915ee71513921dbc1 fac8ba2fc8936b7a7f9faf5e0f94031ec8ad096c8094f026fc5fb67d5b2bff59
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd9861bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 3.4 kB |
URL GET HTTP/21win-cdn.com/img/fantasma.8f4e2392c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash2b6e488681e5af743e430cce2f0c2187 5a3102291017d617e6346a59664b1ec7eece4423 f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ec651bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL GET HTTP/21win-cdn.com/img/salsa.8d18d113d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d701bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/37061.4706f0db4.js | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/21win-cdn.com/js/37061.4706f0db4.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (24692), with no line terminators Hashfea412cd3a087cd0adfdfe6b1bea44ff 456a1a717440c0724e385a28530602b16d0a6d79 3afba0d7cf4300653b9f75bbbdc8f22807f566ede08dffe32a887844f6174a47
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/37061.4706f0db4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-6074"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225751
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a3c441bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL GET HTTP/21win-cdn.com/img/1win-normal.34748aac6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5022
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b6d3d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET HTTP/21win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 120 x 97, 8-bit colormap, non-interlaced Hash911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-18d2"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60cdea01bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/21win-cdn.com/img/big%20time%20gaming.e2bd46001.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6128c061bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/relax.1a68769f8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashd29d9c49a3e8be4842246e8b658651b1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ed541bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hasha301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: IBHqLuZM_TiUsggrj8i_P
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=brdqgCFWgM9jnt36JMW9OlNc7ROMfwCVfOIQ6QPUtPV%2BV727HY6OExClH8JuEe63%2F9Ln8rSd1xDf3KdRn7s%2BLUjydXBwhJ20n8U25LMknIDNYOw%2B9pwp3xM%2F2tBHRJOy%2BSyhkGwl2%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cee056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL GET HTTP/21win-cdn.com/img/speed-and-cash.dffacd6c5.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash3c62bcde419e822cfa55d45a05fa112d 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5022
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b8d511bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 664 B |
URL GET HTTP/21win-cdn.com/js/8726.6a357273b.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (682), with no line terminators Hash2e216c1b879ec285c8c32567174c9af4 e1e1af06fe2299d4a230eb5467395ef6bf3354cc 2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c3df01bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fiba.4b405b699.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/fiba.4b405b699.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash4aa9ad25fbbca388328ba8098758f0c7 82dc10c520383464da8039c4175e315c182ccf2e c9a23ae008a3f9ef8714a6dfd1ddb0ee0c70c17fe3bb81bf54794c649ebebf29
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd9881bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus_hover_1.a84694805-1979.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/bonus_hover_1.a84694805-1979.png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bonus_hover_1.a84694805-1979.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | 200 OK | 430 kB |
URL GET HTTP/21win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Size430 kB (429680 bytes) Hashabaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 429680
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: "661fde64-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2eff1bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 672 B |
URL GET HTTP/21win-cdn.com/img/amusnet%20interactive.428b45c71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashdd800d25fd1fc6956949e43d9997d38d d2e3ced7d4ad91488dc8dde871b6651a01153f4a 8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6121b8f1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/21win-cdn.com/img/electric%20elephant%20.dd56c804d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612cc471bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET HTTP/21win-cdn.com/img/aviator-game-logo.2fb50dc03.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashced188fd368f5c8439ebd4398c9c9315 3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea 82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5022
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b9d541bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL GET HTTP/21win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeRIFF (little-endian) data, Web/P image Size361 kB (360930 bytes) Hash3da44652926631bc4fc847cfcbad6c71 a5f7955272162e543d5db897e200d00d3af22b22 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/webp
content-length: 360930
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: "661fde64-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2f051bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/netent.95417a961.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash24c2a93da817e20deb8796b20655510d e0e0acc2a55fd9623907272dac8f96c8f30360c6 01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6138d041bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/66261.5e5d2473b.js | 154.197.121.128 | 200 OK | 53 kB |
URL GET HTTP/21win-cdn.com/js/66261.5e5d2473b.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (52861), with no line terminators Hashc679e7d1494a1a13d0f8942e543550a6 29145fc1ac33f7c03865c15cda7d2d9b4c7eaab3 3569199e8d582f15cc37b6b9a299dec81547777e4db38d208c1c8d17ecf26e5a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/66261.5e5d2473b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 15 Apr 2024 14:08:41 GMT
etag: W/"661d34e9-ce7d"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 239695
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a6c681bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/100hp%20gaming.8352a77d8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash4ed7fa45e0933ca6d981ea7fdd5e86ad 9da697d8f40394da2cc17c0c82e73cb1130023d3 619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611cb251bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 527 B |
URL GET HTTP/21win-cdn.com/js/46719.c1d2eb9c5.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (545), with no line terminators Hash8375a4110ec42498df870269f31e79db d974e51c02dbdc175ffa8d4384b385ecce38e581 b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 608143
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6118af81bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/1x2gaming.00302c7de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611db411bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/spearhead.27c37f3dd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashb7d0037b4b499acbf11a3a7d22d9f7e8 b4a122e841ea28158af2f35adaf0b802713ffda3 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143d9a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/js/48430.9af74daeb.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators Hash13ee598a8e47be5a3df2543dc3171f75 630992d944c63ecf139694eb2e3e5ac0047bd23d 602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b3d151bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 992 B |
URL GET HTTP/21win-cdn.com/js/33700.8f8589382.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators Hash7a56ca20c70147de869fb6f869c24757 8ba632a6c326ca6152d0c51a202527013eeb42f4 543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60b6d3a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/21win-cdn.com/js/41543.9ecf6875c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (713), with no line terminators Hash3a416c7a8b544cab2961aa391df25f73 1760b78a71e89b19890fc1e1d457f20fc7931b8f 63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225750
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c7e3c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/gameart.7beff0d18.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6131c951bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/21win-cdn.com/img/reelplay.06dc7f4c0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashb322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613ed501bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/21win-cdn.com/img/retrogames.bb592a878.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash58c68473b3dd3ae2f45e31560e366dbf 577748dead61e9aff6756db3bade90442cde170f e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613fd551bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET HTTP/21win-cdn.com/img/spinomenal.e0cf93b3a.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashcccb25968af8377b09aaabb6aac79736 84938c2eeb2043bd681550b012601b0b0a2395b0 59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6115ac11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/82331.700755d00.css | 154.197.121.128 | 200 OK | 8.6 kB |
URL GET HTTP/21win-cdn.com/css/82331.700755d00.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeASCII text, with very long lines (8603), with no line terminators Hash23cb17a3decbee390666bc1375720d8c dda90103078b3f3762e9ef714940cf644a329da2 a5d30f640a28a22ca714bd2a3d7ec4b552350dc33bde8d9893d4563e2491d9ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/82331.700755d00.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: text/css
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-2198"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 771643
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a8c7c1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET HTTP/21win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashe46f588febb018229e3c2450c4a3d4f0 4904652973205c308ead578918f7ff5a6a27bf0e 855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-28d5"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2f011bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/ezugi.a9c66babd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612ec5d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/21win-cdn.com/img/skywind.9cd4f870b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash6133bd0ec680372c4b1478cca75bd999 852e07d884235f5b480657590f2cba1ce4d53d7f 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6140d751bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wrwn.com&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.11win.direct/v4/socket.io/?Language=en&xorigin=1wrwn.com&EIO=4&transport=websocket IP134.122.54.186:443 ASN#14061 DIGITALOCEAN-ASN
CertificateIssuerLet's Encrypt Subject*.1win.direct Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27 ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wrwn.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wrwn.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +wl9hRKccuxSOBgzF5vw8A==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: DYKGLcOSbAcO/EnVIft0dyjylco=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=b82e8b50bda0dad; Path=/; HttpOnly
Upgrade: websocket
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png | 188.114.96.1 | 200 OK | 58 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 363 x 429, 8-bit colormap, non-interlaced Hashf5c26decf32eb643468c81ea9dc51585 32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd 05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MWQzNGU5LWNjOTki"
expires: Tue, 23 Apr 2024 10:26:50 GMT
x-request-id: 57KqBaeB6OdomANr1QMBZ
cf-cache-status: HIT
age: 171513
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQxBGW9agfNFWdbiHWnjFgpC15%2F2%2FW5GFU1IsQEg1gWKl8JzGUvOaQk5MDDdoYDTT3yeNYvWtGnf%2FIMrpdSHZbV%2Bl5%2BYnxt33RrVNX0Ryi39Sw2wqyjs6zUgLbsxuIEvMURjlRBqoN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c0a0356ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL GET HTTP/21win-cdn.com/img/boomerang.413a98511.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashd37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:19 GMT
etag: W/"661fde63-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6129c181bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif | 188.114.96.1 | 200 OK | 7.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash5a258a62a127acb8b8ad56770591d501 8452fa24937409b089d5a07b73ec4392b84c1a7e d039ac11879d3e157fe0dc5f8f4df871574a12c1d2cb1e8ed8586993f5684959
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7154
cache-control: public, max-age=31536000
content-disposition: inline; filename="c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NTExYzUwLTJjYTViIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: th0si--mGv2mjaolKBx3e
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5yx%2Bz%2Bb33MKSAnGH3dm3fxXyrtv4%2FJZGi1L%2FK9M99wsi%2FB5Nm8neDPMkJG2l7xWPd2CrdUfORVJFDcU%2FKzPhn7qPdhUfc4311vKuYy5wsKbV9La%2BpjhU0POIVSXt%2FRSqJyamLZDZeI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614ced556ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 188.114.96.1 | 200 OK | 5.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash4ed163b7295ee97d380351dd868d4216 6987db5ad9f1b684e98e657aacb7dd38706e6a34 f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
expires: Thu, 25 Apr 2024 08:46:34 GMT
x-request-id: hbaU3tzNOANOezL0ltdBg
cf-cache-status: HIT
age: 4730
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UYJ0k%2ByxIl6WS9%2FDHcjzZ3EF1a2fqaCoRcybIW2YMnlupF88g6FJ%2BOge%2BxzKkvmJYbaEK20Q4kWnpi1IpceCDaiP7AAC65ZX2pC7ATPEJLyWSYx3plYlexE4cT0hkTtNz4A66pjnX94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e88956ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL GET HTTP/21win-cdn.com/js/90511.4bc374431.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (655), with no line terminators Hasha148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225570
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60bbd741bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET HTTP/21win-cdn.com/img/1win%20games.9b8574150.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6114abe1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/88971.a170f9f22.js | 154.197.121.128 | 200 OK | 529 B |
URL GET HTTP/21win-cdn.com/js/88971.a170f9f22.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (547), with no line terminators Hash747fc30343cbabbbcd8246b2a4598ccc 9bf22fb112b065a447c3dc013d3e513f7814566d 7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1225751
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611bb1a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/revolver.25aaacada.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d613fd5a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 188.114.96.1 | 200 OK | 9.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash19ea6dc62a4b1d3b87a9940660698dd1 8c3052c6f52d60b40824437d282619e91034db7a 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: DSnRSuGxNXWGRKbRyfGob
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZ8cSoo03ZFEf5DuH38Qntcr8Yq2SIc0oXwzfSJL%2FOQ4zyH0Mwetit9AMXFMIf%2Ft%2BJZP7IAomvl6%2F%2BKSbNqbMYDUDU8v%2Fxcev%2BczmyJ5rliCMMspa7LvzpjspVrOZKeuhyrh1piV0Uo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614cee356ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/ufc.0ef6261ee.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash5e1d7cc60040fd95a490ccc47b6d1e2a 7a5e6176ec8156ab9cdbbe382e92390f05bb388b f993e31c54b287c1ba4d046fb9e9fee3959cbf3a3608c7e8da6cfb4daa1ec083
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5500
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd9841bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/boldplay.70a46bd71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashb9145dace81bbcbef7d60609e72c9c63 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6129c111bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/66261.79d94ee54.css | 154.197.121.128 | 200 OK | 57 kB |
URL GET HTTP/21win-cdn.com/css/66261.79d94ee54.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeASCII text, with very long lines (56987) Hash74b36a39fdcfa633f69a6f8742d9f84a b8fef9fb9d1b503d45e12bf1e7e8aa194fa2f9ed 4b40f851b45527a5e50da8852069bd76b7d9c4c23d5befdc4db89c66ad771033
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/66261.79d94ee54.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:22 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 13:45:49 GMT
etag: W/"6613f50d-de9c"
expires: Sun, 16 Apr 2034 10:05:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 849126
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60a6c671bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 | 154.197.121.128 | 200 OK | 22 kB |
URL GET HTTP/21win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21916, version 1.0 Hash6396986c711f0dfc793140885fb00d41 6199282046b142fd34d950a274769b56cc85c87c 5d30f3756e0a53b580ebd92d46e748a7f51331f4637b6eb594f2b7a79f64245b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-cyrillic.211c5c35c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: application/octet-stream
content-length: 21916
last-modified: Thu, 18 Apr 2024 09:06:16 GMT
etag: "6620e288-559c"
expires: Sun, 16 Apr 2034 10:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=XGrm7c8wrR.SYXKSzrcku_.RowxaFY1Bx3vp9KBNZvM-1713434724-1.0.1.1-l0vv0deAHyyd0BS5TdquDnPb4jk8eTtxG.p9o8QzJhZ11ZiM8CavCInVQzXtDJx7UO84dcFgQnIwL6cR90v93w; path=/; expires=Thu, 18-Apr-24 10:35:24 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6150f6656c7-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/gamebeat.5649e97f9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashf47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6131c971bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 643 B |
URL GET HTTP/21win-cdn.com/img/gamomat.593230062.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashbfaa3d42e6ab264b9080e74f867e85de 5026f5b14a42af9eaaf3d09468fa27728287cdae 9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6132ca51bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | 188.114.96.1 | 200 OK | 6.6 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hashe96a71a5fe56033b87ca3809fb4fab55 22b9068fece941bf32a6e67885ea41fd70233ac6 e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
expires: Fri, 19 Apr 2024 08:18:29 GMT
x-request-id: Icb8kkVzIfkPQR92BQCQD
cf-cache-status: HIT
age: 524815
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDSIvOeAP45YCLmBIwaj50szsKOwG%2BpFE1cd6RuUNqYIgitNNu%2Fo6WES663E2kbuPmd9uv96WAzkMucTSsYvF%2BjMNtA%2BeY7P3JvrPArlsjCpA66JebS68L70Ni%2BOB6qRdaDX1HTZF6k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615e89056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-social.9f742da0f.js | 154.197.121.128 | 200 OK | 26 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-social.9f742da0f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeJavaScript source, ASCII text, with very long lines (25529), with no line terminators Hasha8fbad4774767cb16ac5333d70cb3187 5aaf5a1861e92b6a6f1f9a5119cad337d3fd59b6 04805c7a629eb82f5a9d003d70c7cc4c7b8a9e9d20c651b6caacd2a76b580e90
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.9f742da0f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 09 Apr 2024 10:12:46 GMT
etag: W/"6615149e-63b9"
expires: Sun, 16 Apr 2034 10:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 775985
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c7e431bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/oryx.ddc50c514.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashbe6fe09456c38389975b47be1d6e664c aa63088e5bb8604d301bf747e760f3fbb47cca9d f8822aadbf4cdec8d633d4b6e8e4928dde87a143cf57d6d9f018ffe50809f1b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6139d121bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png | 154.197.121.128 | 200 OK | 27 kB |
URL GET HTTP/21win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hash9a35699413d56978ea4af6896f0aa16c c22d50770f376a17d5539919541496a1e1e5a626 396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "661fde64-744a"
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
cf-cache-status: HIT
age: 1206
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60d2ef71bfe-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/21win-cdn.com/img/bombay%20live.ab678ab94.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6129c141bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL GET HTTP/21win-cdn.com/img/cq9.5d5072e17.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash47469c2cd9d79b1305e3e02f76d0dc24 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d612bc2d1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wrwn.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3989 | 216.239.34.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wrwn.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3989 IP216.239.34.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je44f0v894728184z8894400803za200&_p=1713434722904&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=386763772.1713434725&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&dp=%2F&sid=1713434724&sct=1&seg=0&dl=https%3A%2F%2F1wrwn.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wrwn.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3989 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wrwn.com
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wrwn.com
date: Thu, 18 Apr 2024 10:05:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 188.114.96.1 | 200 OK | 50 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typePNG image data, 362 x 429, 8-bit colormap, non-interlaced Hashb0b99e0a3f5f6fc44052e30eae903c63 822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2MTk3MDAyLWMyMGQi"
expires: Sat, 20 Apr 2024 02:21:29 GMT
x-request-id: BYtXBMQfkZLn172W9QshN
cf-cache-status: HIT
age: 459834
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VcmmhOgFDxabGIHs9BSeJMunoecllpx0GHOaeEcmyCAaNu2JvwfH1AYY5SOJ5G4BfT9lQ7WSxiFjpzsGhDwGZ8fTqLUEz0OlU5ogkROTGdG22ZXF9gbrz9kRhew5j9TtIv9if7NIUHU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60c1a1056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL GET HTTP/21win-cdn.com/img/itf.9b1402c42.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash27cca74bc2226d97c21e7f62ff3d1865 737970ba7c15660eb385cd530793056ea1106019 c1ee5d4712434ef1e4d165c360d4931abdf99d8e8fc81bfa8d64ca8cf8f9fe64
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 09:06:17 GMT
etag: W/"6620e289-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60fd98b1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET HTTP/21win-cdn.com/img/nolimit%20city.5b7440267.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashb922d7644363785eac0ec67b0a31e5b5 aeb685310c81a6bbde2c3dc8c6e4bfcf59c77336 f5949bda30ca6a410fa6db0e60789cad60c32183d2f52b4888ab292910bd45bc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6138d0a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spribe.7ce760055.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET HTTP/21win-cdn.com/img/spribe.7ce760055.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash33a9e45726e8faebc5b2e6d77375cd5e cfb38d5cee2ec3a48d5bfa1a3b9c3806557dcb6f 1645b2d498bc98d5a05875f6d2d3681236d254cc2f8837965c925e511db72df1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spribe.7ce760055.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-6a8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 737
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6143da11bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET HTTP/21win-cdn.com/img/tvbet.fea6d0222.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashdaf98e0c0d45cb1db158d09bd07e4959 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6145dc41bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/21win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashee7f334d83ac78ee94aa7cb499a7d252 acaf3f1ec2dd643c920f036bceed9922c4398d9a eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611eb691bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/ru.svg | 154.197.121.128 | 200 OK | 272 B |
URL GET HTTP/21win-cdn.com/img/flags/ru.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash1e2eacb55168e45f6bbdbfc284e0b55b 0de213a0e24d44e6224f44df56a5f8abc494a6bb a753be656b537e9622f95996dd87e012d7e9daa74511a6465dea7023782d6dc7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5142
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d615df4e1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/igrosoft.69f8e3ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc193a82075a3318b6b01f6652548e025 008409af9a242969c8c0205fc8052d17b61410b3 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 525
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6133cbe1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash9867f5ddac7eff5f2fd88dfdec8fd493 6ea9a242437fe23c61e09a00030ae3eee78d3cd1 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 5VTNJ9Z4o3ig4Jxp6vwoI
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wr9WiPEnpQPXMpYhGT25w%2Bk%2F5tvU6M%2F90YaQisTb4xAKH7OLFjACF64f%2FGOdqoP4xGFjZ0zCwJfPexhefbIW6vCVP%2B4QyUPsySNFR4TmODG8x%2BphEcHoTVW1tda3H6I4gB7TBRM68x0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d614df0856ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:23 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2MWNmNWE0LWNjOTki"
expires: Mon, 22 Apr 2024 10:47:34 GMT
x-request-id: 5kIWlXmfDst0FwkarnHsl
cf-cache-status: HIT
age: 256669
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6J%2BwRNRdXRdEqohid9Yrs%2F4ZCyfUg0XQ0xp4UfvhLoBuM3Pr0RUNKaFrcuSYxm5Ir84UzVQEr8e%2B5nzfP83CmrcAKBcOENt8WwFXaT0r6aaPcoROl7FdARVKHZHe5cBrp7aYzHVyYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d60e5d6f56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif | 188.114.96.1 | 200 OK | 7.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
Hash513f3198a187e1d23253286e6e6c1f00 fc18a35dfde5d07e13da9d42681541942e92bc0b 47c47c9c1baf50edcde06130657e3eb321cedabedaa0c3da51806079548980dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/avif
content-length: 7494
cache-control: public, max-age=31536000
content-disposition: inline; filename="ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MWU5LTJhM2VmIg"
expires: Thu, 25 Apr 2024 08:46:33 GMT
x-request-id: 7E-VjHnz0JIzJtzXxZNLZ
cf-cache-status: HIT
age: 4731
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVXHYpl6xvi3guJC%2F%2BJVMDhlBlSqJSWcNuvJBbZv4Ukf0lJ4wYKOEAerbDpcTncwCWAOEETMsOasX5LI1%2Bl1SB1W%2BOUyUiCib9%2FpgpWUmriVqWUJiuL1RfZSmX0jp2meudnfM5BwrUU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d61159b056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/1x2%20multiplayer.00302c7de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hash113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:18 GMT
etag: W/"661fde62-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d611cb3a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 2.9 kB |
URL GET HTTP/21win-cdn.com/img/netgame.8e28ed366.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashf7a27f15353cbc6d80464cb321e6f7cd 8e9d03da3c5f00a3a228b545cb8759e837059323 c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5142
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6138d071bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET HTTP/21win-cdn.com/img/onlyplay.1c7a3c455.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint3F:C7:8F:FD:6E:53:38:E3:00:F5:41:B9:AE:6E:0F:5A:4B:2A:DC:64 ValidityTue, 05 Mar 2024 09:32:59 GMT - Mon, 03 Jun 2024 09:32:58 GMT
File typeSVG Scalable Vector Graphics image Hashc3e69f9fed9cc0cf56f269a871ebf7b8 24c64655556df116228009b2d0e64950404e45a2 c983a2f37ed5b2c73940d48dc81e885d6fa8136a5e0f3399e426e427dd7ff5ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wrwn.com/
Cookie: __cf_bm=62xGqvSsJAX7e.Eull_yVcfJdjy4sde3qgpVzzs9V.0-1713434721-1.0.1.1-DYb9Ydr_oXZzdQf17KC1WjYxuN8isxCi6H_l4iWqGHP97jjnkZLYkZdlI1Z7JvWLdETAWaeCw4uOJiLfZLecVw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 10:05:24 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 14:36:20 GMT
etag: W/"661fde64-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5023
expires: Thu, 18 Apr 2024 14:05:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8763d6139d0f1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|