| |  190.115.24.78 | 200 OK | 212 kB |
URL User Request GET HTTP/2IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typegzip compressed data, from Unix Size212 kB (211674 bytes) Hash96827d6df873746b55b0c29850b6c17d 9b9ea29ab77586a3468add18cb6ef3ba379d3ed4 e6bb3729762b6d64edcb08789b1c109cee3efd585cb9024f5198dd0908233638
GET / HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; Domain=.1wxei.com; HttpOnly; Path=/; Expires=Thu, 08-May-2025 16:05:23 GMT
date: Wed, 08 May 2024 16:05:23 GMT
content-type: text/html; charset=utf-8
x-request-id: QWz666YocPmEVOAI
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wxei.com
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wxei.com/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL GET HTTP/21wxei.com/img/logo/main/1win-normal.svg IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typeSVG Scalable Vector Graphics image Hash0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 03:51:14 GMT
content-type: image/svg+xml
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 44049
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 |  154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 33064, version 1.0 Hashde175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wxei.com/
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-8128"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=uzpEI0pGj2iUO4cb9ZZcTjuOSx02t2C8jpW_.Ex3eG8-1715184323-1.0.1.1-B9R_SYBCt7dRp76yZtBJy.do1uLJ._hFEz_uF5vIbgw6GGardYMx_tzVQ.mi2pVIgaZ_0l6LdufvC4xB5RXq6Q; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e68880b50f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL GET HTTP/21win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 43512, version 1.0 Hash426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wxei.com/
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-a9f8"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=h2Zs_6t7P4TGa8wV_fX1NXMIcNTBRst5VHvRSMIlDAY-1715184323-1.0.1.1-rRf1fujCiXIX56R8RS93pjtxrNYuxTRf8Z610QwDFDMQdFc0veh13WXRq9XLhfJ61ubPjWeCPsJ_QKcIqLqWow; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e6a89fb50f-OSL
X-Firefox-Spdy: h2
|
|
| 1wxei.com/affiliate:link_visit?visit_domain=1wxei.com&sub_ids=undefined | 190.115.24.78 | 200 OK | 394 B |
URL GET HTTP/21wxei.com/affiliate:link_visit?visit_domain=1wxei.com&sub_ids=undefined IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typegzip compressed data, from Unix Hash6343828acd97e18ffee68f5a7a85074e b19a97a91fc4c6446ad1ac88c1da25c22db0f673 071bd2ea8f654dfbe84ec1e08076493cddf7f9e059c188c6915a87be6cc71a1a
GET /affiliate:link_visit?visit_domain=1wxei.com&sub_ids=undefined HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wxei.com/
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; visit_domain=1wxei.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 16:05:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.5:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-common.4d30f7085.js | 154.197.121.128 | 200 OK | 69 kB |
URL GET HTTP/21win-cdn.com/js/chunk-common.4d30f7085.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash84ee3c036116d96cb79de3f5a2de31cc 99caf6451fa42c475bab54462337675c45a112a8 c28116562ba20c87acc3c2ad31c571bb41c8df3bcbff2489b1760fa3e532f823
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.4d30f7085.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2ec4e"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13701
set-cookie: __cf_bm=YDZK20kl8BMaRqHf3tAwAVhm9u8RsN0exZ.XRIUrE.g-1715184323-1.0.1.1-WjNE5sWaF7EKqG6SZHl_BBRpnkWt74uveIBbEjcLjAVzRc5V_L_qLJb1kpbBJlfzqSLYHMkx3stONwtTRnRNTA; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e6af94712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.7c7c5049f.js | 154.197.121.128 | 200 OK | 86 kB |
URL GET HTTP/21win-cdn.com/js/index.7c7c5049f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashdf023d72bf41f92c080be41938f9aa07 db96dac7a2a335767b1fd0d2d689cf2659f4f0c1 9bd651e1636f7d50c0c76f1f88ed1752568900fdef966e7e52b047bec6ca0673
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/index.7c7c5049f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3128e"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13701
set-cookie: __cf_bm=d0OZCnSem7nLrpHAxNaQtT66hYuD27O4QbcpV2Nu4Bs-1715184323-1.0.1.1-IrTyFXOmyfgkPlq7.P9bU8mgffdN_W6QHqm.59nCs2Gfpm6JmTprvAmZHilJEzyHfQ3Dv3Bj50t0jy11UO64vA; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e6af9a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-vendors.84f8d8042.js | 154.197.121.128 | 200 OK | 89 kB |
URL GET HTTP/21win-cdn.com/js/chunk-vendors.84f8d8042.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash67c4288f76ce06008990679b9e2ac6c9 2062ad02d6422e933f2bb10942107030a1ae1bf9 f997f9bc9297e98d5171722d8924bd49f4238063042cf3de6450fc0467437c41
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 676376
set-cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e6bf9e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket |  134.122.54.186 | | 0 B |
URL 1win.direct/v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket IP134.122.54.186:0 ASN#14061 DIGITALOCEAN-ASN
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wxei.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qzEuhJMTcbpgtnwssjtpRw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: DAh8sTZFF26YjPmXvlYVmZ/MSdo=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=96c6ced66f0d2109; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1wxei.com/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 6.6 kB |
URL GET HTTP/21wxei.com/firebase/8.1.1/firebase-app.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typeJavaScript source, ASCII text, with very long lines (19927) Hash5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; visit_domain=1wxei.com; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiMGUxZDlhOS05YzAxLTQ1MWEtYTkxNS00ZjZmZmExZDVjOGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTg0MzI0MzIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE4NDMyNDM2NSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 03:51:15 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 44050
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/745.e45080fd0.js | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/21win-cdn.com/js/745.e45080fd0.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash6eee959241ece83a32b339fd6541b13a 347faca752bcd564e383eb2945d90c624dcea162 70ad3870c29c703674e8fdbe36a9d629dd4b5dec349ff592fe6433cc27bf6225
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/745.e45080fd0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5eb8"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13658
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5fe51712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/37061.57ea53f4c.js | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/js/37061.57ea53f4c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash0f3e2cdbd32109ccf30ee07ad7da9934 a0d44f51098639cd8e4a8c381497156a4409edce 575bd31bed450bd0e2000dd3f4a071e8ff3a76f4168f989605aacc3a2ee092d4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Sat, 06 May 2034 16:05:25 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 676313
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f54d6c712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/39061.47d3b467c.js | 154.197.121.128 | 200 OK | 26 kB |
URL GET HTTP/21win-cdn.com/js/39061.47d3b467c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashcee5d5865a1dd1c8b77b4939f603d0c2 8a59ee0da8fc07a1a7052c54675249560197432e cfcfd1f69ae63ac50dc4d6f43b1550bd3a6ad07119a838f3d2c4192c20f93f60
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/39061.47d3b467c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-16929"
expires: Sat, 06 May 2034 16:05:25 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 456997
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f56d8d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/48357.321450720.css | 154.197.121.128 | 200 OK | 112 kB |
URL GET HTTP/21win-cdn.com/css/48357.321450720.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Size112 kB (112228 bytes) Hash284828f5eae814cfc2c51e679fdf2447 6276b27a78e656e0fce9687c0027ac42769b58e9 7240c8b90f49a2ba807c5df907b71a3b10ffde40a043358c8461d58ecd607493
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/48357.321450720.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-4c23"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 686296
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f57da8712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/58988.a289e8e93.css | 154.197.121.128 | 200 OK | 8.6 kB |
URL GET HTTP/21win-cdn.com/css/58988.a289e8e93.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hasheec1e41aadf68417660adf49a4028b00 00abe3b2f00c534a078d966912eab8df380cac83 e7980efb8135f3ea5a30395227e6c625d52f6a403fe22e3f271d9a8d312064c8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/58988.a289e8e93.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-af48"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 91793
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5ee44712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL GET HTTP/21win-cdn.com/img/home-poker-banner-bg.daea5f5cb-600.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 600 x 295, 8-bit colormap, non-interlaced Hashb924bd42443557a1ef9d41f043ddf175 a9db601e2941557cba7e3e688390aa43e8411e2e 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 19467
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-5414"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f80996712a-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png | 188.114.96.1 | 200 OK | 58 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 363 x 429, 8-bit colormap, non-interlaced Hashf5c26decf32eb643468c81ea9dc51585 32f26e84d2cc98f1f932ebba175eb9bb1cb18cfd 05bc5fe29e1b5dd0da7faf912adab322dbf0297cb36d5efdb12d64aff4d98ac7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 58091
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2M2E3M2ZkLWNjOTki"
x-request-id: ZvfeYZMdT2-SruKp-rnmq
cf-cache-status: HIT
age: 26528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qSRCLkAwv%2FIFoiSR2vBXWo3ucQN4%2FA%2Faha3cDy3oPymI1ynVqjm8ApNYgriPVP1vK4grFJaDS%2BTBuZ8l%2BjNvA1nZmNlzyTOzOC3uQfYPkjPncVXoFSroXNVBVe4LERVIEz9nt9rX3zk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f8181a569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png | 188.114.96.1 | 200 OK | 50 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 362 x 429, 8-bit colormap, non-interlaced Hashb0b99e0a3f5f6fc44052e30eae903c63 822d3283ea4b2e2dba9b7454a3cce37dd7b67d7a e8a9883494dafb98df5bc26bae6e699673f4dcc1ee90aa8b5296f3ff88f66954
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 49865
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.png"
content-security-policy: script-src 'none'
etag: "bYO6A3TkrGzIprX68BfyOBGJEQnSmCYqqMK6NzP2zdM/RIjY2M2E3M2ZkLWMyMGQi"
x-request-id: 5homX3QX3km0rPlH6mr1e
cf-cache-status: HIT
age: 26528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBBbnnVGypA%2FnuMsmrlG%2BQFbOp3I66OBmGYY0gRq5spqE5rvcQvywa1GLvVijaw%2Br6oSwz9Ji9EI4uxPw5NM9Ap5%2B5XddCdwvMRc0DMP77KOWJHXJJWX94%2F03hIJ4iNtN%2FMhB2IPEEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f8282b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET HTTP/21win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 120 x 97, 8-bit colormap, non-interlaced Hash911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-18d2"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f8eadc712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-home.d21abec30.js | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-home.d21abec30.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash62b484d16b5091e392e8e7444291ebda 96a4359e64bf7d82c40ffbfbd7688e6e8988ba79 fa14aa01958d85505455ba9eddf381083d602600c1eae4a4b3d866a1fb4572a1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-home.d21abec30.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-49ea"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689559
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f80995712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 356 kB |
URL GET HTTP/21win-cdn.com/js/33700.8f8589382.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Size356 kB (355471 bytes) Hashae658e9a7d92699015aac20827832ef5 c395f6d57ed3a83d15a08b816689795972a465e8 d778a0d5eb4ff9b9a372a9d0676a640c6cf404dbec18e824cba98616a0d84924
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 685856
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f819a2712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png | 154.197.121.128 | 200 OK | 27 kB |
URL GET HTTP/21win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hash9a35699413d56978ea4af6896f0aa16c c22d50770f376a17d5539919541496a1e1e5a626 396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 27297
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-744a"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f93b53712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 728 kB |
URL GET HTTP/21win-cdn.com/js/8726.6a357273b.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Size728 kB (728493 bytes) Hashc2a47feb0df32bb0bd79c83d07eea726 5cfdf9d7aef974d95ca7f4343b4027aa59166372 290e959125d67e46b21ea913401b7ef77058e0e9943472f556972460ef770bd7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681970
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f819ab712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62825.cf3a1caf6.js | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/21win-cdn.com/js/62825.cf3a1caf6.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash0355e9b46e7b61a54c67a7a317b7b80a e7e07f55e024c614b8ee00cc711dcc5380ce395e 38bd7621db8d162f54106a2a0343e51c5ee9f6132d9fe1873a81e450949d391b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/62825.cf3a1caf6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2e0"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 676314
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f87a3b712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 16 kB |
URL GET HTTP/21win-cdn.com/js/1279.7681fe15f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash1c62ba1cbc8c576c7f0477f6d6a54b6f 082a0a11a9d24368123b4cab205a0a8ef696da0f 6ceb348a269298862f78c530fa9cd91243cb55a6e7a0d54c22cf6a5f62433bf3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689160
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f8caab712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET HTTP/21win-cdn.com/img/sprite-poker-frame@2.50a0c1527-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashe46f588febb018229e3c2450c4a3d4f0 4904652973205c308ead578918f7ff5a6a27bf0e 855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 9422
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-28d5"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f95b92712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | 200 OK | 430 kB |
URL GET HTTP/21win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Size430 kB (429680 bytes) Hashabaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/webp
content-length: 429680
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f95b91712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL GET HTTP/21win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Size361 kB (360930 bytes) Hash3da44652926631bc4fc847cfcbad6c71 a5f7955272162e543d5db897e200d00d3af22b22 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/webp
content-length: 360930
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f9cc42712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL GET HTTP/21win-cdn.com/img/home-poker-banner-bg.a77f0d650-600.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Hash45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/webp
content-length: 12264
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fade0f712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/img/pwa_android_en.b229a444a-690.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-9305"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fb5ea3712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | 200 OK | 35 kB |
URL GET HTTP/21win-cdn.com/img/pwa_ios_en.f08ddb1e6-690.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 34925
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-989a"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fb5ea8712a-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash6eb918cc26ed4d4b3f96d5b031ebdd69 aca2ee56704a569aa16df44cd5420c8bfb31c6f1 3fba98236326ef72ca6967cc5e0f6ccd4f0f8cce5d06df23e1cbd78713ada4e9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/cashback.f5a548e68-399.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 6537
cache-control: public, max-age=31536000
content-disposition: inline; filename="cashback.f5a548e68-399.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2EyOWUyLWNjOTki"
x-request-id: Rvzg_t1LM6_b7wss0rpv6
cf-cache-status: HIT
age: 85306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fsxd3JtVp017q5IDxDXAiQAOgDtmIF5ZqFY7gntH69hhb0OM7ZcaxXIIYV7gNKmwU7Jr%2F4O4ieDNsSkUa7HjMgMsmA%2F6Z2n%2B%2F%2FIUuhLcVz3%2FJP1g5d5nVTc3COUbxJpcNR6vrElEsM4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fbde04569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET HTTP/21win-cdn.com/img/speed-and-cash.dffacd6c5.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashd839c6dd37e631911147bc09751541b1 71bdb5097f3e84fc59a8421cdce3c4ee266291e2 626eac4429a561c66cb0d2f25e7adce23b8d9ce50d0b7adede694d9fda8993f4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5573
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798ae712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/betraja.5cf6f15c0-75.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 75 x 75, 8-bit colormap, non-interlaced Hash2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/png
content-length: 1054
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-496"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 5719
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fc7712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL GET HTTP/21win-cdn.com/img/best-bitcoin-casino.9c1716b1a-50.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 50 x 50, 8-bit colormap, non-interlaced Hashd75b75efec83a2230764a8fed9d1dd3e ee4318789396290da2017d433fe622b9a005aff2 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/png
content-length: 972
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-40b"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fcb712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/21758.91f05a98e.js | 154.197.121.128 | 200 OK | 124 kB |
URL GET HTTP/21win-cdn.com/js/21758.91f05a98e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Size124 kB (123820 bytes) Hash926a5c89632ae7567c0d3a3fd5e7f694 1c499558ab9bc1318f415f17565b222cf1b7c4e3 39cd3f2956658de1c070c59a3ce798d6b009c0738be8c76935144c6971f4e683
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/21758.91f05a98e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-6557c"
expires: Sat, 06 May 2034 16:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13701
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e90b99712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/js/91217.fc8dbcaea.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash4ab99ea03600bb19cc95d993cd7030a5 1437552cc8d2f180c30574d12e0671aac79b7ee3 4048c16c536166186ea0e1fa401e96d143839091a1f86ea71fc11b4b42f1314d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 675548
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6cf5f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png |  143.204.42.156 | 200 OK | 3.9 kB |
URL GET HTTP/2d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png IP143.204.42.156:443
CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typePNG image data, 124 x 48, 8-bit colormap, non-interlaced Hash3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Tue, 07 May 2024 18:02:38 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JscfFUDM_-_BDn2oU4u7YhI5TPYBBSfZ-noAVqXAAmjYEBYtoPtPsA==
age: 79370
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 | 154.197.121.128 | 200 OK | 3.7 kB |
URL GET HTTP/21win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashbf711733d7d0f612cc228cf57f5e5d1d ac6f7b5fcd659477a69bf6b6dac117ecbc67d1b5 8a75aadfaa68c1ae86f48fab46ea753a1fccb3acaf6c2550648453da25e8e428
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=main&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"21ce-G+w/bJ5mwJlUDylGk/bOXwQAuRE"
vary: Origin
expires: Wed, 08 May 2024 16:05:26 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=WdaIJ6H7VQLjkuo4cngK9Kdr9PpygO6zFNQ_Nwn0Ous-1715184326-1.0.1.1-TrVN0un676gY9Dd6Uj4Ghg3ZEyRDh5amoMwzmS9Jp.o0OD_QSE7aaopLPPmmydZdjBkr0muQhubGGNbdkrWzaA; path=/; expires=Wed, 08-May-24 16:35:26 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 880ab0fb5de4b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 74 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP142.250.74.168:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (1822) Hashfe59b49f75adc4930350035b18b5034d de2cfc8b40b0e43ba370db048fd478bb137a7ab0 3c7697aa19d206f0d0d7786bf25320587a831b105791a768d196bf7127d9ef5a
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 16:05:27 GMT
expires: Wed, 08 May 2024 16:05:27 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73883
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1wxei.com/common/title?path=bets&lang=en | 190.115.24.78 | 200 OK | 92 kB |
URL GET HTTP/21wxei.com/common/title?path=bets&lang=en IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typegzip compressed data, from Unix Hash69c31b0a68110d6cf32bfcd0ba898120 bc8e70c318d956a5ba98cf81462faa7af6c73d62 28362c41e03a9898b9bf6bb0ee6ceb2eef05eef05c4429c6f999f2327ee4b245
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; visit_domain=1wxei.com; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiMGUxZDlhOS05YzAxLTQ1MWEtYTkxNS00ZjZmZmExZDVjOGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTg0MzI0MzIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE4NDMyNDM2NSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 88 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c IP142.250.74.168:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (4179) Hashc42aea811cd770e4a04437273379226d 75d1bb11f0ad30b5bcece7b34b4dd62e37005a49 18ecc62b759a49bdc890a054ae6417a926ee331fcd198f9518b0c147e88a7f35
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 16:05:27 GMT
expires: Wed, 08 May 2024 16:05:27 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87601
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/21win-cdn.com/img/500_i18_img.77110d4f9-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Hash1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/webp
content-length: 25292
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5621
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fe1aa6712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL GET HTTP/21win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/webp
content-length: 39614
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5621
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fe1aa4712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/lucky-jet.f927485da.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashbe5724ac029752efe7cda07c555e8a0d 5ddd0dea8c8edab87a57b975ad110839137c284f ed20568e3ac4fa8e2363b088be87295d89b3deb041164c65148d44ce820ce790
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5573
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798ad712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 188.114.96.1 | 200 OK | 6.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash049927e2f79d1b3f7c0db06be6378930 bc6a9c76a5027d6e63381bb7cf0ff70068d06792 8488c7746bd184e9f0210a44f098d433e1f94e2bec27d1e26c2b75cf82250b17
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 6321
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
x-request-id: uf4G2aWnOYwTdyosxHGo1
cf-cache-status: HIT
age: 70742
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnldNjRWZKRDxf3tR%2F3tg4mDIUc4Z43TI98TNI73Jcm3yBehJooMipd1FHSAeoMwAA6WgiE9hXXuPdBs5fhl%2FV4AOz2f5EEuyxLzTXVOjic2dQDn31kH6hjpfZW98E2fH0GsQIw47SY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff2b87569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif | 188.114.96.1 | 200 OK | 5.6 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashbaf3f199ffdfb682bbcd9d3837e517c0 3803d7a122952937942ab92c0724af229c4f2dfe 2e33b0efc808c5c2e8e2741821e0b3aa7f595fd7c5d14b51a5b0b75c5fd87058
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/0c8b561e-d1d5-4e08-903f-f0b53d280c7c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 5627
cache-control: public, max-age=31536000
content-disposition: inline; filename="0c8b561e-d1d5-4e08-903f-f0b53d280c7c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MThkLTE2MjkwIg"
x-request-id: sqvHPCw8RSGhIoq_jQMf2
cf-cache-status: HIT
age: 85306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqjrcD%2BNYKp%2FzweXnBwFfTwq%2FYuynlzI0BZJiG4beZtaPGo7xPxzLR%2BIdy86L599ivP1sKGONf7%2Bb3oCta7UPIoyl5hKkURq0zwDJe1EDYuE7bysRwiUEiMtiJvEKjZ2KjIGWgSQ%2Fhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff2b8e569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif | 188.114.96.1 | 200 OK | 5.1 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash78c35d95a329313abe507e5fd846f7b7 31fb39c006cc6629f8e0c3041eb47bd3e07c4eec 0dd9631740338687b4b97e20f6f7df31f2b2a649af5da408f1283db108a8929e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/e47f89a4-3663-4c9d-bc45-fe1845d34e1b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 5097
cache-control: public, max-age=31536000
content-disposition: inline; filename="e47f89a4-3663-4c9d-bc45-fe1845d34e1b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjM4MTA2LTRjMTU0Ig"
x-request-id: AgTsFYATSt543oOCtJFQF
cf-cache-status: HIT
age: 75849
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VxpYoviVxqeDdgH6NEnLN9%2F%2BKicj83%2F8huAqk8HGzDpuXV71KviIBEaJscNXeg%2FNOZEsSWWG80HlT34loYdujPB3URPUNcgPSqEB13X8Y8pBZlgxsLjdxdvMzF%2F%2B1mUQcMrd7W6wkvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff2b95569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET HTTP/21win-cdn.com/img/wta.c6d5e2ef3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashf9514f2ae3bc2bd3903b5f62046f8dd5 e51b281c12e662911d28536562082c2706ec1c70 749b8f9fa1eeea14d9c3f2a4eb8d9d388bfd73d63cc0d1427abe042e26b0c53b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc4fb6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fiba.4b405b699.svg | 154.197.121.128 | 200 OK | 205 kB |
URL GET HTTP/21win-cdn.com/img/fiba.4b405b699.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Size205 kB (205009 bytes) Hash9b20c4b31e860d5334491f086144cf99 0989b09dbeeb67188a2ecd3ad211a8c4a965e7d0 78117d2c71b93a797d64ba7dfae9d7b376c0ea1ab14d32a7f3b7cdb04403cd32
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fiba.4b405b699.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4058
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fb7712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 8.9 kB |
URL GET HTTP/21win-cdn.com/img/max%20win%20gaming.00fa88483.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash696554bcae8aa35a16efa23c4703c556 b49538d56f3743e5172c8901a99f5779b3258ae3 55ac96c26446851cd1d4a2914804c2b3ab4fe65c1a8327b7d1d2998918fa53ee
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101a893712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 6.5 kB |
URL GET HTTP/21win-cdn.com/img/onlyplay.1c7a3c455.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash75d4273264ae2289842b94bccfcee24a faf4792174e155614cae6313b367764cbad92a13 691ab496808abbfbe57196f6b03a29b7a498fc43071cf706f910b1d9efcded53
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101e8fa712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 8.5 kB |
URL GET HTTP/21win-cdn.com/img/tvbet.fea6d0222.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashe68b10aab895fdcce722b950b7d3de3e 0b2a591121c2437d3612c991e21d7423c14f16fe a36f1a8ac35855cc364612560095bcde5a6753599ed7d1a6213a605b91d22ca6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3005
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102eae7712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 9.8 kB |
URL GET HTTP/21win-cdn.com/img/upgaming.242b9e921.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashdcc618dda18e957a8ba0c2ed56ccd95b 6ea7a99d70f3c7fd9635c60e41f9ef89e4bf49e0 28da52b1434b972abdc7d87d5dfb25b8e25c971f1a065ad3ea08b5200abe6337
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102eae8712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 188.114.96.1 | 200 OK | 9.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash19ea6dc62a4b1d3b87a9940660698dd1 8c3052c6f52d60b40824437d282619e91034db7a 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 81505
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sCiBayfhhSijnQaatClvy6B4Gp%2FmoH%2FGLmT0q1ezyY2Ip0E%2BnWZQXmWhCo%2FtDBPUmdaGSZDnmeZzxiq42igbVEcXPmBvH6h%2FqzNDPOmpAhDyA2pSe2XsSuEpGDmvEkulijZLERQp98%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dac6569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 8.8 kB |
URL GET HTTP/21win-cdn.com/img/spinmatic.f74cf69af.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashdccc24a6a639ef476027b3590dae390a aa20c5e9ca4e451780ac661d04fc43587ec20af9 da8c78b9afc4e370d1228cbaf908253242122a470ee9fee2f59dd112e458771b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102ba8d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 9.5 kB |
URL GET HTTP/21win-cdn.com/img/playson.2ff1c7d85.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash0f1781cb61ff24957b5e25e4a4f037c0 d054d2d9e438af860f6b0949e0147799c2f07494 b3f1d3f11526adc3586d7af8ff1be2bea0da99f0a43917db452d53782d428d00
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5713
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1021946712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif | 188.114.96.1 | 200 OK | 9.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash26af576690cab574a1d969032fdc5f16 8f279f854c9eaaf667d3a0c92c5a5276f9f01cd4 2a0d9e95e9d3526457ba6469ad12b84828057965145caee52dec0388ab28a614
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 9892
cache-control: public, max-age=31536000
content-disposition: inline; filename="9d7c96cf-66aa-4580-9563-baa3f940db93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MWQyN2EzLTIzOTk3Ig"
x-request-id: oLIa4BJLqwG1HB5BEqpqM
cf-cache-status: HIT
age: 77199
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bczks79YjXGd6lh0meBJjBAyAqxVlOfP2vNytRla3Xh3NO8pTvqv1%2BodiwkW4r1D8Yx4fdilDeT8xge1iMOq07s8Pgz6dvG4MxkOZSPDrPtpMyVxAI%2FYsEdi%2FdUeVPCw7zGecfeh9BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103eade569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 9.8 kB |
URL GET HTTP/21win-cdn.com/img/playtech.cecac3222.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash2f0866753be91b0d7ca482079a712693 2ef834fd91a286a890698c04c1239089ee20aad0 ffcbe97ce28008aa4097a3acf3a60bd42d0178e26107300a33a27cc6fde233c4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3679
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102194b712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash9867f5ddac7eff5f2fd88dfdec8fd493 6ea9a242437fe23c61e09a00030ae3eee78d3cd1 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
x-request-id: I85TlysGV19zGB3VN3wxj
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4QIEUOd8JQw%2BEfPP6Tnlp1LxXlOb9%2FRzvHH%2FE4nfvwsdh2TRAYlSp7LtzYa5%2BySC3OwRgYVhc%2B5Pz4a0as6QmeoQQaSk7aWK4M1Py6qPYuI%2BYiYBIOLlp7eGlJv4duXj0poAISz1WY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103eae3569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif | 188.114.96.1 | 200 OK | 6.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashf4d034b11dd303021ad639388d1721bb eb5131c3192a0ce42a3d1e5eb706e14dbf5f9efa c1f8592835a5491c95e668858c9b1a8fbf74f6644bbaa8d1f4a4efbf8cc637b0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 6917
cache-control: public, max-age=31536000
content-disposition: inline; filename="04f67ecf-d744-4f0e-b33b-5fee6d24649e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ODgyYjA3LTFjMjM5Ig"
x-request-id: 1yyGRHeiPvnFDJlVeYtGo
cf-cache-status: HIT
age: 80807
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qw5Quwfk9RqmovRZRF2nneRwghit8X6t5rjKTRw1AGeEnh7eHqU4RJq%2B4FvVYCDG61AAMXOnom5vdXXlBNFSd83mv2dKADXJnUgmyKKZxnraH3%2F%2Fcm57QHE37MR7HtFKEhyvaXGDFGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103eadf569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/netgame.8e28ed366.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash28586c41621969a88f90329d1bcc8715 a0c899b9375bf1926751aa85890fc293d2e392f5 88363a0b748e0ae1c99c34f3f38132857ae3d17dc6776b44c86d11fbb3181dfe
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5574
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101b8ae712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png | 188.114.96.1 | 200 OK | 59 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 419 x 314, 8-bit colormap, non-interlaced Hashb0f06d0ef7268647da7e3b6750967c5b 1431e1d9cae2f096ba933a8a4156d258fe8fd929 d23444774528888037ab7cf3212e16ba23894f1a71597982eb382413ad752140
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/png
content-length: 59016
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: Q5uvSd88DPJPJGCS8pDXy
cf-cache-status: HIT
age: 65931
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NoUlAWYCJePbVVwjBUyCNBsdtRNU%2BK8VmXmlAMmgvWErfSOMEJE8w7yLYRvk5xEqwDYuOZR93%2F1c7zaVAmb%2F9FAcvMk9yeuqdhB2T3oTFYAkddDl1PCv9yxsqpgQFHHA8ZFpmstZ1WA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1047c0b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 64 kB |
URL GET HTTP/21win-cdn.com/img/pg%20soft.fdb9d6567.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash4ef0783d8e67764dbf8a23408e99358b 12c7602c0bf023b2c4e06c6a3ba19929d54343e5 d534e0448721030680656f417fc60220b96a69c46c52e99fb2e914be99c243e3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3357
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101f923712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash69589818044ff973aa67c696e7e394fd 0f03ad92c7eb38789b111436be2e733faad871a4 11b7536dae29bf130716d915551940bb971627b613ef1ea7e1e351a0411bc534
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 10793
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: BsBdAEl7D51TnYMcZ71aV
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ITqK3osSYE%2B9TTmnkLkSBbMOhy5ivpplC1ze%2B%2F0FKsWIjWnpJ54bJI5IvJgZm8q7RlzUBwLUjSl2JC6pJ2R2KJ20rney7xzee%2BKsYxI6pHI04%2BBO7KQlWQ4bkDtDC7mvUMFviCZ1CDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecdc569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif | 188.114.96.1 | 200 OK | 5.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash4ed163b7295ee97d380351dd868d4216 6987db5ad9f1b684e98e657aacb7dd38706e6a34 f612299c5c7d80db2a40298d6efbcce5aa740cbf02b0bfad807a91a60a11f606
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/096d2c09-0aad-4662-8a89-4d8777978e05.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 4967
cache-control: public, max-age=31536000
content-disposition: inline; filename="096d2c09-0aad-4662-8a89-4d8777978e05.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGRmMGJkLTRkZmFlIg"
x-request-id: tIWim6rSgFENbirgZB3aQ
cf-cache-status: HIT
age: 81505
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzttecfoZb2Lfm1Yj5bNlMS7MDtQvqmpvwM0%2BBWfalQv7CJsjjLjtJesSm4l3TERf3W6Zsf3rJVnE49mJjJ9zi9yB0AeFYfUdV5Z3kW3d480nAlvxvRPpGMqUErk9FKSam%2Bfuz4tkKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104eced569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 188.114.96.1 | 200 OK | 5.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 85338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDHfMm0U34gFv6yhff79oPc7waadCPe9HzACSa%2Fh375GRqm74MXzS3Y23ceAwomSTbuBa20xzZm5Lb0b4lUBR4Wi9DvlVO73lAfH0RB2r5Htog6lfcY2jB0Teq%2BC8KAdO9wz6aMDbN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ece6569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif | 188.114.96.1 | 200 OK | 4.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash4e85a0bde3faf39a0eb79d1afbf94a3c bfda6edfa14599e73e5a8096ae707b7355fb9d2f fea08e33454d5f3e26915f9862ba5acc30108166648fa38500e19f7cb1324473
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 4683
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f680e79-feec-4211-9534-21a166c91202.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YzM2MzcyLTFhNTFhIg"
x-request-id: SDhj3o6iI09jSaV1xC7zB
cf-cache-status: HIT
age: 76639
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iuKaAs%2Bs6JJGjOi61%2BXGEeJklzNocqyNiAdP%2FzgwlKjuj41Y9UbmSV3gTlLGANc3tjf9CrFnUZqS5lzTGI4Lm8K8ILt49%2F3T%2FZEtzo0bHzI9SCTwBZmntFhibWnJCP%2B0ISxUmZnwQEk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecf1569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif | 188.114.96.1 | 200 OK | 6.6 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashe96a71a5fe56033b87ca3809fb4fab55 22b9068fece941bf32a6e67885ea41fd70233ac6 e7d80eb4af58fe47ec89fadcf5b2e5969f43527c11668ae3f4af541fe61a5853
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 6634
cache-control: public, max-age=31536000
content-disposition: inline; filename="a6a15f20-ce33-4ddc-9763-e38986fcdb2c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGMxZWU2LTNlZDNkIg"
x-request-id: qDJlJ2R-SOJh4usDIwbZn
cf-cache-status: HIT
age: 85338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnk2KimMm%2FjAFaxe1mewS0y%2BB77GqnkOS0Qk8Z%2BPQnQU3T5prM0UA%2FfkGt%2BAZT7payEtQ88TW0Mzh32EQeh8OSMmi%2F%2BqhjNVPqylAX2qksalcCXgyqdt18JVaqdngYnaJbqoelrpors%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecf4569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/ru.svg | 154.197.121.128 | 200 OK | 6.1 kB |
URL GET HTTP/21win-cdn.com/img/flags/ru.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash357202c0bf5c60dca2f4a72bdf15281b 4e1221726791a46951ed63b84c09e2cf09db1939 2f708ff9bd3500a8bf8979a3cdba09ea5c10e177f5a251337d481f39afbec75a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/ru.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-110"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6172
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1047d4d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash2bb5dde390003652a0eb9ebe2ec82506 a380f9976a7e050fb4d5d16645fb739f1c012635 8a7bde50fbfc69782f930b7983c89539fa483d076ec7bfd327cbf615987bed3b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3223fafb-6b1b-46ba-bb4e-d667854eb8e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 8197
cache-control: public, max-age=31536000
content-disposition: inline; filename="3223fafb-6b1b-46ba-bb4e-d667854eb8e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGIzZjM1LTMwNzIxIg"
x-request-id: ejgpplgS_jgdEjE0wtm06
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebX2XJIzDqvlf4ak7k5ZuHZ3TNepY8PWkdRzBOKn1LzeW0P5BKIjGl9Z9%2FDv7VoX49%2FK%2FrG%2BKLTte8VRNrMgSLnfOMawNsR6zoTeSTDA8mU3RWrGaTFiKl5gNHEZf9begjJdhCoqm5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104fd00569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif | 188.114.96.1 | 200 OK | 9.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash0f8864e9375258e414b04c6732d13b3b e5577d640e162a5d812d94c60bf9d8aa2ef0dd46 2f41e33d30919a1521364450bb1e867a1f7851f25f7ec18b0325fc51f123793e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 9286
cache-control: public, max-age=31536000
content-disposition: inline; filename="e6dd9f4c-282a-4040-8fcc-256b4d959834.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NWY0Y2IzLTIzZDY3Ig"
x-request-id: ocH5-jbdxAxetP0OmPcPA
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2FLB%2FI1ttdx10xo5sBNnV%2FimtvFGccZPNGjfv5QZI4D8P6mTCcarCageo%2BmBfm2m3cBUzCxKdgQ74eOuZkfrJhx1XFj3Iof0O1WPv2j3%2F178cn7%2BsOsT8nzhef%2BWRPdit6B%2FkHhuHNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104fcfe569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif | 188.114.96.1 | 200 OK | 9.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash7eb2cba4654091d306b65c6fe0a8f631 e1a4eecb3f5db01aa2774cf811e3c2cda95f426b ffd6b30a5e9e4e68ea1f492d19ba67578359d3a390dd90ea295cbc4bd81827d9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/57228a66-bd62-4072-a80c-3bef549a758c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 9433
cache-control: public, max-age=31536000
content-disposition: inline; filename="57228a66-bd62-4072-a80c-3bef549a758c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY4Mzc0LTI1MTcxIg"
x-request-id: Y_S_l8ymuWqEP5rYiQsvA
cf-cache-status: HIT
age: 85338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLi2AW%2FSXS%2BExfVMu1BJXfhOnNWY1UrBLK0nFqZKIPBHxj32oXwAIT%2BnfUYZ3O0Uwp7zz9XXBOoQLdw%2BRLGz3CkNBtKrdb0gjVseICBfRyH4QIdv4paDChh%2B7BLjBZdHWeseQeZ%2BUOQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104fd03569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif | 188.114.96.1 | 200 OK | 6.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash4e7067f0087797bc8a2752288c82d468 7a97f30b9cf7b7c0167847006aefcd3411e4c414 626952781c5dcc08fb5dc238ced257f7bcc86ed4e656e61c829199ab4f023e62
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/c_d25464ae840baf966d3d1019c718c0fc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 6364
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_d25464ae840baf966d3d1019c718c0fc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyOGUyMTVlLTRiYWM1Ig"
x-request-id: TlNWZ38pE9uIHD6irnmEj
cf-cache-status: HIT
age: 76639
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SoZby4Yc0eJY3YytvTEJbbeYkFzxiq4sf3AHwBhBKtnSRClSLzp2lT%2B1JKJV8h1mkVEVOEahNR2kwZAa2Wfs%2BHN9bUNa5d54vCepIXMBWRH15577DTq4jolgSoloq8TZh%2BeNDIfDMKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104fd02569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png | 188.114.96.1 | 200 OK | 88 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 415 x 310, 8-bit colormap, non-interlaced Hash2a627dce574cd03ec51827125160e8f3 89626b5b93bf6dc13ecf42c8d7eb2ee162fb8e5a e0e651b46f26db530780471a57fe8d2244d887904e18637781f772ebd1dc9bfd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aaf2d443-c77f-48d2-b319-c986f21359b9.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/png
content-length: 83991
cache-control: public, max-age=31536000
content-disposition: inline; filename="aaf2d443-c77f-48d2-b319-c986f21359b9.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MDljNTQ5LTRmZWNiIg"
x-request-id: upRdJY8tyJvaJWAJmZuZ5
cf-cache-status: HIT
age: 80304
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KrAKvftwHfM7rpcv9LcbWRstaDjfcYvr%2B7AkdUeVXzkOtis%2BrbHj0A5zNUSG7H33xQEOa8hYigZXPjPRFoW5oHCBB5r%2B705M4cmxfZfYNGfzK2HJ6hUAPk5dFbKZClp42osHmT%2FVESk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1046bda569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash4690a4b61d201902c45336db8106dff9 939591a5793aa03ab3071614e332b2b9d25e4c27 26f706b40a0dfebff8f896074f248c0dd60d2ce1372c3d23bf8bc14c862fe976
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 8152
cache-control: public, max-age=31536000
content-disposition: inline; filename="cf957920-b419-48fc-9770-c04187b3098d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MzY5ODg1LTFmOWIzIg"
x-request-id: CuQxJIWN1LOaM0eYxzpAe
cf-cache-status: HIT
age: 75850
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wSY0rz5XXTu64s6Evwde1xs2u92wM11ilbwsGlx7ig4hLV9sT60JrkwVOrh1S2i3cmN1qGm2rFjgZEYp24JAB6kk7YddzpKsk%2FxXqeVMWqaxTlgbO5uvO1SVSX%2F70rrpAfe6UxJUJZI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecfb569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 2.1 kB |
URL GET HTTP/21win-cdn.com/img/platipus.dd3b50ce6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash3e9071b198355e0906d1e4141c433b79 999a8ed4d6b92b12af9bc29c8068d657004ea03e 57a910c342fd9234569dc0e2f1669be3b52b0fc43e4d414b62197266a24ed8b1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5713
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102092b712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 6.3 kB |
URL GET HTTP/21win-cdn.com/img/slotmill.c42ddd447.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash20d5fe73d4924ef0e00e5860d0b46a73 8a8c1cd4c968ff84cdd0e12eb0a7a3545a14eec3 cd111b46fe7990f98f217bd6fa5d4da1df8b5b603ec41c454a595932a337e4db
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102aa63712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wxei.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=5789 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wxei.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=5789 IP216.239.32.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wxei.com%2F&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=5789 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wxei.com
date: Wed, 08 May 2024 16:05:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/playbro.9ed310f23.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash00bdbe7f1153397857691fd7a217dd3a 85e39b48dc9480d6aa0a0056bb4d4e4e9cb50d94 a72532b6d87a2991596260f0bfc7e3d4ef9e516424eac95e86c441f86b6319d2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1020940712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 9.5 kB |
URL GET HTTP/21win-cdn.com/img/nolimit%20city.5b7440267.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash188d753464feb127bfe3fc021a3fdc46 fcf1002669b246d50f3eb7ec3fde820a9e20eaae ea6b1b0c71e266d740c476edbe35bf6e56e9c8ecf2e80fba822d09fbdd1e5cd0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5754
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101b8b6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 16 kB |
URL GET HTTP/21win-cdn.com/img/red%20tiger.157f419e2.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash97986091e7e683458adb0e3d6fb8c740 627dde4dc5825f918dec912eff1acdbee1164631 9058d6d5176dd8b466e6dbdd256c19493f2e663cc17417ee0555fcc9d3ac4645
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102298c712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 411 B |
URL GET HTTP/21win-cdn.com/img/netent.95417a961.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash2d03397e9bbe65a3ef67997397e022e9 fb0b1910223c4d535ea354aab603f5c7dd510f9b 910725778b07399cfa75db8e0dbc96ed8d81afe272664135740a54d5ac805d8d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3050
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101b8a5712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/21win-cdn.com/img/quickspin.d9067a98a.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashc8705646789afd75a464361489360704 65108f970d8bbe78d11e2bf1d5954e44602059c2 854c08caa0afafa3c3e1b0a490bcdec9bd75df0233e639e3c13bcc8e8d299dd4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6123
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102296a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 49 kB |
URL GET HTTP/21win-cdn.com/img/oryx.ddc50c514.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash3dedc514b14f95ea18c1058f8b862e97 bcd6eb7c75077878eccfc129b59ced2a1ce59d2b b1b1640250c7d8ceabe6142d6cbab229c48fe914e89a54215f38fc35f5e30d58
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101e909712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/21win-cdn.com/img/bonus_hover_1.eb9b2d69a-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash5495ba7e07dc7a05a6008b8585bca92b f8dadc060dcf17862805f72d7815c9b9b119375e 570d0b7b7b49c540125d6b4636dcd2284e0c18a2c015ea56035b21ae91e400c7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bonus_hover_1.eb9b2d69a-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:45 GMT
content-type: image/webp
content-length: 47816
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-bac8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab171cb1a712a-OSL
X-Firefox-Spdy: h2
|
|
| services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US | 54.230.111.124 | | 82 B |
URL services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US IP54.230.111.124:0
Hash4f822d39c269d2c47e3174b6c6bad3b7 d56bd07959c766e9c18faa9cf1070548f9236b65 cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3
GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Wed, 08 May 2024 15:12:59 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: c7e86b2992e34056827e034f435b97b1
content-security-policy: media-src https://videos.cdn.mozilla.net; child-src https://www.recaptcha.net/recaptcha/; object-src 'none'; font-src 'self' https://addons.mozilla.org/static-server/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; form-action 'self'; default-src 'none'; frame-src https://www.recaptcha.net/recaptcha/; connect-src 'self' https://*.google-analytics.com; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: icsMnppbsZGb_SsT48obaicHZblV3fSb-UfivuwN2jR53a9hNnijpg==
age: 3171
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/onetouch.b026a50c5.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash13e927418e2ace53b4dfe61b481c61bb 63c7b26a8f48abbe5f4e0f400a2c563c0c0fb342 991eefd500593643efa6bafb3cfc778aa0fb0545e0301b351dbbcdade44b802b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101e8f7712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=28078 | 216.239.32.36 | | 0 B |
URL region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=28078 IP216.239.32.36:0
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=3&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=28078 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wxei.com
date: Wed, 08 May 2024 16:05:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| static-adm.1win-cdn.com/banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png | 172.67.181.254 | | 343 kB |
URL static-adm.1win-cdn.com/banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png IP172.67.181.254:0
File typePNG image data, 1508 x 484, 8-bit/color RGBA, non-interlaced Size343 kB (342614 bytes) Hash0fb32faf4a0bab08c2c43bc2b8fdc7d3 8d602f523f52894cb61ca15a6cee68a338c5b2df 27edfbfd0e130fbd615b00c70e3622a291ff52aa7cd208cd07b67890657023e5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /banner-files/rfxwTrFuErqIl7deps1GMl2_3P3hUMQ9ZQ6j0SjNGb4z3btiNIHOLzPcQ9VHcIZJAhrLgY5FBKI4NnumZAPbeN6GQ1YgUWEpkLM2.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:54 GMT
content-type: image/png
content-length: 342614
last-modified: Tue, 13 Feb 2024 22:31:52 GMT
etag: "65cbedd8-53a56"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4646
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u27q8qsNCq%2Bq%2B7OCLU4bHGgAaHSB3JsYIQ8EpKrNOhjXL%2Bd2kUS6M1hsbE3gDUEZS13HtCqFVcILe9rlc65Hj7wo7v92tKyrQ5A8JLSdpxCq9NwvQifNTXsIk2TMGcmUPozaiouBWp809g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1a75a8e56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png | 172.67.181.254 | | 688 kB |
URL static-adm.1win-cdn.com/banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png IP172.67.181.254:0
File typePNG image data, 1508 x 484, 8-bit/color RGB, non-interlaced Size688 kB (687886 bytes) Hash77ba95ad8ddaa7f3daa66a219bb6cfa2 ec691214380c50d53169cf50a5df33224ddfea98 6ead41def293f3004e67e4101523c17c691a41b7b42fbdf58dfb1687101628bd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /banner-files/46gFMSTQIPqJxLalK5SGf1Qu3vBY1sRPesH8oR3qqpg9WVTmHGsLr4EVG50m6vA-Yhk3QAH7z8q80aD30ApLYjvPhvJBl8FvX1ER.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:54 GMT
content-type: image/png
content-length: 687886
last-modified: Tue, 13 Feb 2024 22:30:34 GMT
etag: "65cbed8a-a7f0e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4646
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FJWcqLfaKeAJtZgxXFCKzHx7uzzuH5cmYZ%2BT1pCFPh0kLXE3DTeeoSYhCAcyHxJUY8gUEBlML4azsv4Q5S3j%2FyQFQCdjgteJKpsAx1A9jej%2BR%2FUftcnKYnbExrzvUkDSKVSBXd6r%2FypZfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1a74a8356b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif | 188.114.96.1 | 200 OK | 6.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash45ccd50f5dfaf7808c6795422417f214 38499698cec05af36aa2bc0e390952e400486003 50255b7836fb64aa3258a941253e4a85e7d77d42a4dd8b8129955c20945d7ebc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 5951
cache-control: public, max-age=31536000
content-disposition: inline; filename="2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTdiYTBhLTYyM2ZiIg"
x-request-id: vlwtQiswla1uj5KnUB_aU
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZ5Q9amNpE7DYn7Ff6WTgprqgfprdMRqsytdbjr2ffAoxZJLXYmNtiwL5mgtkfYIAc7JJQS40UbIi%2BoMOBUxjmMRodXroPOKD94ypDSCZQQhlONiQiDZUhUNR%2FG0%2BGEzJ2b%2FPXMtkh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecea569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/54591.6225c61c0.js | 154.197.121.128 | 200 OK | 8.4 kB |
URL GET HTTP/21win-cdn.com/js/54591.6225c61c0.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeASCII text, with very long lines (8698), with no line terminators Hash41e975f16f531883d5f266775d139f88 a2ac8d31191bc2a25f164475aee38ff975a15770 d145c232509fd3e58a93c5493202d4dfbf825abe18935a455dfcaacab663a85c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/54591.6225c61c0.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-2100"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 184721
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5fe4f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif | 188.114.96.1 | 200 OK | 7.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash7d78a951d170034c2ce027bf5ea6c69f 56ffbce11b718eceeb70ad7ac12f28f44f3c8b93 8edab6a41bf81d3abcef43bc57b4c446cd3c493af6eb231409f7b0ecaaf56dfd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 7441
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: DqTBFz-huGT-LFs2ZsACa
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKHLp6HPEAlGvYV3Tih3h1mEdgVSLWKMPtJxJtyp9kba%2FLSaJEcdUZPdL31q%2F1ljDAge3GaoP%2BWurnvhAIbeb2cj%2FY66rY6u0IfrKtR%2BGDUALcYl%2BGUhyqRTnhmYsf091%2Bcb4%2ByrRtg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103ca9b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 6.2 kB |
URL GET HTTP/21win-cdn.com/css/index.fd224ee8e.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeASCII text, with very long lines (6186), with no line terminators Hashc218042c31114bc4c7a311d8b19cb43e c6e84556a091c219daf13d98091e46a6623b7b5d d9600b9cedc5ef763fc5d021974dede1a25f1449d2b42d496044932ed716edf5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689558
set-cookie: __cf_bm=l4zcz5lQFFETEcrIXMleXAu932JjTKra3jjGKSc9y1Q-1715184323-1.0.1.1-WMub8JNDz3a3.ydei0xqqK.Uw4_ePMwVIwWrsWMHT3LTjgYQM8C9dH5KN7ruSoSa99Pe2XLSI6tYC1jThWifkg; path=/; expires=Wed, 08-May-24 16:35:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e6af98712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/flags/en.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f72fe6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/boldplay.70a46bd71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashb9145dace81bbcbef7d60609e72c9c63 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1009ec6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET HTTP/21win-cdn.com/img/cyberslots.988fdd12e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashaeeace00abaabb5ae6a47e900873f09b d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100ef23712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/21win-cdn.com/img/games%20inc.64fb099a0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3d90ca2a78e19006ff1926510ed316d4 0becc591fcf773fa9e56396884dfd0f963a46e73 e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1015fbb712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 136 kB |
URL GET HTTP/21win-cdn.com/js/desktop.b9c515d35.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size136 kB (136401 bytes) Hashd7a9ad8bd4dcb4009607dc52a7e3f3d9 3b3035ec2737cd847dc6b3805a0b192f387ffb7a 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Sat, 06 May 2034 16:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13657
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e91baf712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 263 kB |
URL GET HTTP/3www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP142.250.74.168:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (5955) Size263 kB (262567 bytes) Hashcd05f5fbe74558a82bc25a73e493d500 1134a16b09685a06bab388443ab6fe6a76c0414e 3abc736cde79f9ced9a54fea9bc18cb52bbbc42b1f73b977405475390db20abe
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 16:05:27 GMT
expires: Wed, 08 May 2024 16:05:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91538
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-casino.fd47961dc.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashcaf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 686252
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff5cdc712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL GET HTTP/21win-cdn.com/img/4theplayer.f89265cdd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash5cb7cf2507e642be8dd905487dc5ab67 68ad93bac5948542dade50964d8384eb9bff3573 f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff9d35712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png |  0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/cf957920-b419-48fc-9770-c04187b3098d.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 847 B |
URL GET HTTP/21win-cdn.com/js/62692.9dadb7398.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (881), with no line terminators Hash2396c8bca3aec16d12512850881beeaa f5e1ff1163ce9250fb0aae5e5ae0f7b53fa92bf1 dec438624d1ac734c43c52b607f839c13cef99ab7bd4f172d32c97e81630ff18
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689160
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6cf6c712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/1spin4win.bb21057a4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc7e582dcd4acb7d74e4065abbe28183e d04183d1e1dc6665f54a667c7977b6c6a3672791 671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff8d25712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/21win-cdn.com/img/electric%20elephant%20.dd56c804d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1012f7f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL GET HTTP/21win-cdn.com/img/mancala%20gaming.441ae5f23.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashfecafa12f578f5ced554ed31aba5c852 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5754
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101a891712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=11671 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=11671 IP216.239.32.36:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW>m=45je4510v894728184z8894400803za200&_p=1715184325949&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=935859607.1715184329&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2F&sid=1715184328&sct=1&seg=0&dl=https%3A%2F%2F1wxei.com%2F&dt=1win&en=slider_banner_view&ep.page_url=https%3A%2F%2F1wxei.com%2F&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wxei.com&tfd=11671 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1wxei.com
date: Wed, 08 May 2024 16:05:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL GET HTTP/21win-cdn.com/img/sprite-roulette@2.255074856-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Size720 kB (719644 bytes) Hash344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/webp
content-length: 719644
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f93b65712a-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif | 188.114.96.1 | 200 OK | 5.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash2644fa31ed595bed0cb922c0c7539272 de9318bf140b0f2ea79f367170734ff434917747 8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjY2M2E3M2ZkLWMyMGQi"
x-request-id: v5wdVxYsdwRtTcnLkfg-j
cf-cache-status: HIT
age: 70742
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl0CbNjs%2B7cXwJhNiGDfZU9EHtvqGdBycT5h5AZX%2FKmudM0Hd3yG8kj8EAYFn4dLfp2o6%2Be5HDzfiPAduXswXznnl2Csmnk2CZ94Z%2Fr4EWkeYxDuBxv60qApU8J12303wmg%2BKC81QJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fbde0b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamzix.c753c377b.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/gamzix.c753c377b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc9bdfac4b8a9fec4171e1e4eaada52d9 e0ecf83a680f3cb4750ca30306d444bf25e8a890 a9f4f158614d42eb732421ef41983f0cbfe1f29e95101bd315d0b3d238f1d21d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101680a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/caleta.b1dc71f69.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashbbba19a0f7e2c3b02a8ca7d7c833eb63 5dd340d9cc4c395174865b155829f3054fb29275 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100beeb712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/desktop.916d40f3f.css | 154.197.121.128 | 200 OK | 74 kB |
URL GET HTTP/21win-cdn.com/css/desktop.916d40f3f.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hash51c6f2c7a39234d9d61b540fd4da7f5c 019a5c21cdb9372330136e8bd5482b856b213842 65b38b11c54688030a8e2a3293fe595ceca56b8a053fe5ea7b099ac220480bb6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13656
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e86ac8712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/32005.5701eb106.js | 154.197.121.128 | 200 OK | 9.3 kB |
URL GET HTTP/21win-cdn.com/js/32005.5701eb106.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, Unicode text, UTF-8 text, with very long lines (9505), with no line terminators Hash4a79fbedaadd34c9dd7b5f01247cbe93 82fd41837bf0bbfeb081566a10661a0731dc3490 5fe762deb09b396f532a4ec03c23b0b25f616393dc7fd44ba7256065ee9d9e92
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/32005.5701eb106.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-2428"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 96154
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5ce26712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8653.ed7806659.js | 154.197.121.128 | 200 OK | 952 B |
URL GET HTTP/21win-cdn.com/js/8653.ed7806659.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (994), with no line terminators Hash1a63c0338e50d3b4dfe4a7cea9098d20 3915a35a401582840fc4139f2a94260a8cc21c12 5876ed8be9f28ec2128149035402d973d5b243d80e470048018ec6df9c3d6439
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/8653.ed7806659.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3b8"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 680667
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f86a29712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/21win-cdn.com/img/bombay%20live.ab678ab94.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100aed3712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 12 kB |
URL GET HTTP/21win-cdn.com/img/atp.e87cf2801.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3fc6d0c6036c51b4dfe66e116e849214 86ce1aaadafc27a3777f00411012d449f3ae9637 8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5719
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fba712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 643 B |
URL GET HTTP/21win-cdn.com/img/gamomat.593230062.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashbfaa3d42e6ab264b9080e74f867e85de 5026f5b14a42af9eaaf3d09468fa27728287cdae 9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1016803712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL GET HTTP/21win-cdn.com/img/habanero.92654c79c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash9d25ca67fcccda561c314873654994a8 0e5592059d8c6114a25d0affd4af7e50e44d36af e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6122
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1017839712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/21win-cdn.com/img/mascot%20gaming.21cafbe70.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash692c90ac31385db12fe64a48ec01b77a e9249716fcbdc6e0b75b798d0f37ed6942a045da d0b041e1a396908bda558a5d224edb3cd80787d88910beb2fdb2dc4e5186045a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 8
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101a892712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL GET HTTP/21win-cdn.com/js/31310.c605a9b9f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (546), with no line terminators Hash819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689160
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f72fe4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL GET HTTP/21win-cdn.com/img/cool%20games.019d15340.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100df14712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/6f680e79-feec-4211-9534-21a166c91202.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1wxei.com/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 41 kB |
URL GET HTTP/21wxei.com/firebase/8.1.1/firebase-messaging.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typeJavaScript source, ASCII text, with very long lines (40719) Hash450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; visit_domain=1wxei.com; core-sticky=http://10.233.84.5:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiMGUxZDlhOS05YzAxLTQ1MWEtYTkxNS00ZjZmZmExZDVjOGElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTg0MzI0MzIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE4NDMyNDM2NSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 03:51:15 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 44051
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/1x2gaming.00302c7de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff9d2f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL GET HTTP/21win-cdn.com/img/aviatrix.b5fd712c8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5574
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1004e61712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sa%20gaming.396c34ca4.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/sa%20gaming.396c34ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hasheec27b0a30619e016eae50d11f9a53b9 ff3da2add15102d508e5f361ba5fef6c01bafcc4 d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1029a41712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/js/38209.ce0dbb534.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators Hash8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 676314
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6ef96712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/js/48430.9af74daeb.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators Hash13ee598a8e47be5a3df2543dc3171f75 630992d944c63ecf139694eb2e3e5ac0047bd23d 602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 680667
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f70fb9712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/41543.9ecf6875c.js | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/21win-cdn.com/js/41543.9ecf6875c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (713), with no line terminators Hash3a416c7a8b544cab2961aa391df25f73 1760b78a71e89b19890fc1e1d457f20fc7931b8f 63858586d9c72226c0522e2b0dbd181ef99b481aebef11049ac603b942c6876b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/41543.9ecf6875c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2b7"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681663
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f86a2a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 3.4 kB |
URL GET HTTP/21win-cdn.com/img/fantasma.8f4e2392c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash2b6e488681e5af743e430cce2f0c2187 5a3102291017d617e6346a59664b1ec7eece4423 f34079a7f0c56e9ef5af475418998e11aa38c64bf4900827c830263eb9e8ac11
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5712
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1014fa0712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL GET HTTP/21win-cdn.com/img/liw.134f23084.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1019873712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif | 188.114.96.1 | 200 OK | 8.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash19f229b84c704888d3b7a617d4ea0d5f ead41a6984c57debbde1fdbe6820dcdd07634f99 2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 77199
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a3RYmTiFiKg8pXq4vjyB%2FmE8DV2T%2BdXxB38axh9hWSMTNqCwsEZ5CxOHXsQ49xvWrMxjAh5ncWPu2QAj387qp1BFg1Wr4%2BI5AWVGN%2FEHdOaW6c%2Fi8Mzg8koVjD5m1dfJ88Bn0WhLGk0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dadb569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/ct%20interactive.74b20dbc3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashe709608dd45ff01d7f75d21bc3534e1e d45bc1ea2a957ab8113ecf7da9564be00207c6d4 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100ef1e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/gaming%20corps.5c3f3647c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashddcf2a0ddef8449807db0b7419c39291 9757b762ac3efb096bd45b869ee4d06565a1e9c2 f03dab28c20b3b25823b4b64bbd27953a463c5e9bd7b5bcfa12930f6793fb1e4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6482
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1016fec712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/21win-cdn.com/img/retrogames.bb592a878.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash58c68473b3dd3ae2f45e31560e366dbf 577748dead61e9aff6756db3bade90442cde170f e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab10259e4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 136 kB |
URL GET HTTP/21win-cdn.com/js/desktop.b9c515d35.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size136 kB (136401 bytes) Hashd7a9ad8bd4dcb4009607dc52a7e3f3d9 3b3035ec2737cd847dc6b3805a0b192f387ffb7a 67526207ef6c971e8c9df978a52cd85959aecc4a66f3e6400fb1b0afc669f9f3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Sat, 06 May 2034 16:05:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 13656
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e86ac0712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/10400.f146ec26b.js | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/js/10400.f146ec26b.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (10227), with no line terminators Hash15eac69773e4a58c28d83941ba68a74d d7a102d8e5b17065207de75d40e50e4406ff6e4a 57cf3cf3d84271aa5926a0aea38039976c7778b8cf9e182e3b1412211339994b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/10400.f146ec26b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-27f3"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 198457
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5ee3d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL GET HTTP/21win-cdn.com/img/itf.9b1402c42.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash27cca74bc2226d97c21e7f62ff3d1865 737970ba7c15660eb385cd530793056ea1106019 c1ee5d4712434ef1e4d165c360d4931abdf99d8e8fc81bfa8d64ca8cf8f9fe64
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2392
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fbd712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL GET HTTP/21win-cdn.com/img/cq9.5d5072e17.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash47469c2cd9d79b1305e3e02f76d0dc24 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100ef18712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57552.ee60d28a1.js | 154.197.121.128 | 200 OK | 75 kB |
URL GET HTTP/21win-cdn.com/js/57552.ee60d28a1.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash3640868f35b73089eee8ce1f80955ad1 80e813108a8b082c210e8139451264d1e45bf4be a1f29c8068358d69428bf58353a89d61180a115876810909ca98e9268fac09ff
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/57552.ee60d28a1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1262b"
expires: Sat, 06 May 2034 16:05:25 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 686295
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f55d75712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/21win-cdn.com/img/big%20time%20gaming.e2bd46001.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1009ec3712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/edict.ca67383de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7794e14088c92dc44e186b65dfd0782b f81ec0b93e38339b2e2f8f94d2f7c568b8943fff c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1011f6f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET HTTP/21win-cdn.com/img/genii.367222bbe.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash237593257bbdb3559e06330cf7e76c54 c3e1a90bb3397fff3428fdd71d2a4d7df74ea164 2b84c2a6e55531b52b615ebaba90cd7bb757fe1399e901927b4aba9f1718b097
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1017813712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hasha301711d2f250aac2cf9a7b842d5639e f64334b263231df3e7505d31d155e4277e8337db c44c30f8bb76dda1f98ed40d6aa5eb9e0b906618ba0ef88033c315b926d51668
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a2d833f8-b8d6-4fb7-8063-08501557df20.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="a2d833f8-b8d6-4fb7-8063-08501557df20.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmQ1ZTBlLTRmM2ViIg"
x-request-id: BJABdYmHfcvdKcjvabDcx
cf-cache-status: HIT
age: 81505
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JCbuR5Bd4YufXiKQV6XZA0IP1ZC3ZJNDZQaYytJsiYwTY0FHbOi%2FBrnzPWSVdQw1Iv3GEVNdkqVcVHrkh5lggJwOrQisqKMNf0PxC18T%2FX1uRuaBu6TV3DUJW0LcwlQn0F8QM3%2BoVMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dac0569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 188.114.96.1 | 200 OK | 5.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qd8N%2F0zCzumTL936QwR%2FIpoGW8D2p6SkbTkeVKYUFNMdlsfkUyck87hHwpqMt5k9kVg0I8JrQRi5USFR%2B77Gl5PN0cR4cOJJ8WFxwy5O9IYsPMsuOSyFBqr5dkoTHjIUXv5Vzz%2BpBp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103caa6569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wxei.com/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 244 kB |
URL GET HTTP/21wxei.com/core-js/3.33.3/minified.js IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
Size244 kB (244105 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 03:51:14 GMT
content-type: application/javascript
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: W/"663a73fd-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 44049
content-length: 74494
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 188.114.96.1 | 200 OK | 3.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashb521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 77199
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6JzsmnoSk9aW4u8lADvIe1vOPAng5ugGYR0O1nsnFxzNZj2iGJA%2FbVKNso5mKouSrBVLVTzN2jA1A7qp%2BlEgdjNQ5S631BdJyF83S4gvHwiYcO5%2FtxuTvbdCcFB7seJze6k7%2Fvw1pg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103ca9e569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 748 B |
URL GET HTTP/21win-cdn.com/js/91635.a2db5f817.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (766), with no line terminators Hash74c5864ef446bbb00f9e7e1b39eff8f9 04696352def160b6c3536b2b11c4351f02f49780 348cacf24053c417315aaf1dd971cf88c758964beeb37725c7f683b90bb5e7d2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 680667
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6df7e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/ezugi.a9c66babd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6122
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1013f96712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nhl.9b1a4945d.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET HTTP/21win-cdn.com/img/nhl.9b1a4945d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash776fb511daa35474ef8291916961aab6 58a4d5e39d8d100ef715b74a99bc5920259578f1 4e5efe564f1dfb5226aabc8c88a454033a02f175a7e9c807314a05b9eebc7571
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3513
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fb8712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/wazdan.1cf2cebcc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashf19410782a9e906c5987a9ec3dec0a8e 9df4dc8c8b7defde41a5caea964099dd1c882245 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102fb1a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/1x2%20multiplayer.00302c7de.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff8d27712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif | 188.114.96.1 | 200 OK | 7.4 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash4841c7a15b396644ee7ba8554ffb5bf6 a2829093874a49809c29b2d4a186e1af8cea5153 1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 78891
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BspDKCI951t1LcBDHNzAzXFwsgATVYswakkKHygWvg2KxNBILCY7T8r4zeFBNgfIN8F1dQ1I%2BGOG3TqTWGXbtrEVr7cHdSM%2BZ%2B0geNZicB7Yl0CQwpVjT7Zy4pI%2FiRgbe%2BYmYQPo2sA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dabd569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/88971.a170f9f22.js | 154.197.121.128 | 200 OK | 529 B |
URL GET HTTP/21win-cdn.com/js/88971.a170f9f22.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (547), with no line terminators Hash747fc30343cbabbbcd8246b2a4598ccc 9bf22fb112b065a447c3dc013d3e513f7814566d 7970a6d096e6162d9b534b3160178c89ea5aa9c041f6adf5294be76148e09780
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/88971.a170f9f22.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-211"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 690253
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff7d18712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET HTTP/21win-cdn.com/img/betsolutions.5d0a153ca.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash066b7782f9f8acb732cd85f2df1344ac 7bb3c193cb5dd835fec3e3ce7ed032be4200afc9 95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1009eb6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bgaming.ae3573ff9.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET HTTP/21win-cdn.com/img/bgaming.ae3573ff9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashf2081caf12b5dad178e766a8bd906e19 5ffdd19030dd7868b979fa8c19243e62b70eabb8 ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1009ebf712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 841 B |
URL GET HTTP/21win-cdn.com/img/thunderkick.6962312e1.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashee06089b308c5065a8e92a32b7b38686 2e83ac75ceb109c245525a733cfb3efc97cc42bd 24c651706b7981a60f137cc5b44b8d28dd81116565ffbdaef6687c8b41e4da21
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102dadf712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL GET HTTP/21win-cdn.com/js/90511.4bc374431.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (655), with no line terminators Hasha148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 675891
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f7e951712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 924 B |
URL GET HTTP/21win-cdn.com/img/fifa.604717ea7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash27cf15a53b2412f9ed5eed8d31e3e42c 7e36a8980f616c440e2be62e539ea1dbd932f668 da435f1ef957744b70f4ce88d8463e883b23601054fc39e53c31a80536ec590f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fc0712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/goldenrace.4bb50c89d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash273a325a862af8a6f05811ac5a7c7f29 936efb3df57c80b5ee35a1ebed295fe90ec13145 0e9220c87c66f8eec886bcb17e5beb3242f287ea3099ff14d81e49c41d2c4d32
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6122
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1017823712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL GET HTTP/21win-cdn.com/img/zillion.c0e3dd6f0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashd9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1032b61712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betgames.f9572e26f.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET HTTP/21win-cdn.com/img/betgames.f9572e26f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash22c1b0dd1e37b9c443eda963fe76d96e 7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd 058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2190
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1006e79712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 786 B |
URL GET HTTP/21win-cdn.com/js/78449.1776bac9f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (804), with no line terminators Hash3997e692861614602ae0ad581192673b 274ba9d8795299558fc25f0bdceb6997a27b8a4d 70920957cad5b0eb4747ccfa5e2cbde79c7f88bd7e3077e5715924c1c4368716
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681432
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffedc2712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET HTTP/21win-cdn.com/img/betsoft.cc500155f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashfa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1008ead712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/spearhead.27c37f3dd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashb7d0037b4b499acbf11a3a7d22d9f7e8 b4a122e841ea28158af2f35adaf0b802713ffda3 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102ba7a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=935859607.1715184329>m=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=699252781 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=935859607.1715184329>m=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=699252781 IP142.250.74.163:443
CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=935859607.1715184329>m=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=699252781 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 May 2024 16:05:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/21win-cdn.com/img/present-with-light.bd57fb068-151.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 151 x 161, 8-bit colormap, non-interlaced Hasha804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-1a4c"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 1051
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6ffa0712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/gameart.7beff0d18.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1014fb4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js | 216.58.211.4 | 200 OK | 850 B |
URL GET HTTP/2www.google.com/recaptcha/api.js IP216.58.211.4:443
CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99 ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File typeJavaScript source, ASCII text, with very long lines (850), with no line terminators Hashcc9da74bc51547f7da14aea584e7bd4e cb70339c904703d3a88777889e63b867a04ab2d1 9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 08 May 2024 16:05:26 GMT
date: Wed, 08 May 2024 16:05:26 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58258.98332d90c.js | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET HTTP/21win-cdn.com/js/58258.98332d90c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2724), with no line terminators Hash8692e36ae40202509fcf29c9029676f1 7709e6929dc63ac467d0bd948268795fbec2181b b1ec5aac00e643db59f10336f15e83163d7840bcb12bf70938dea4ab61993b26
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/58258.98332d90c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-a8c"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681970
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f85a23712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg | 154.197.121.128 | 200 OK | 19 kB |
URL GET HTTP/21win-cdn.com/img/bookmaker-rating-en.e5dcc84dd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash6cc20c3ddeede7970b09582754e1fe3e 343b04db5d2d9bc03ccdbbe914c61b2a41245ba6 11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5215
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fc4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/revolver.25aaacada.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab10269f3712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL GET HTTP/21win-cdn.com/js/57652.297e4ecc2.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (667), with no line terminators Hash53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689160
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798bb712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL GET HTTP/21win-cdn.com/img/apparat.f7a706d8e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6482
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1003e3a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL GET HTTP/21win-cdn.com/img/boomerang.413a98511.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashd37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6482
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab100aed5712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/47729.aeb93cc08.css | 154.197.121.128 | 200 OK | 8.6 kB |
URL GET HTTP/21win-cdn.com/css/47729.aeb93cc08.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeASCII text, with very long lines (8604), with no line terminators Hash869f5272fe034aeed4673ff39a6a21b8 3479ef5492e46c2643d5926aca2ae140245cc031 1fdaca341cccef31f8dab533d2f841f1cddde134cdcc916b1340be3b797ee74a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/47729.aeb93cc08.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: text/css
last-modified: Fri, 26 Apr 2024 11:07:10 GMT
etag: W/"662b8ade-2199"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 675412
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f61e75712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET HTTP/21win-cdn.com/img/rubyplay.b4553f39e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3858ea5c6be5319073b0453eac475c1b 72be49666df66401b531cfe9658ae2b64f897b0b fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5575
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1027a24712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 645 B |
URL GET HTTP/21win-cdn.com/img/fazi.19d7f4b72.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc2948d97afb6d8e1cf8e7b50b62a9272 a1607553e252407e35addae9b48c1cedfeebd048 309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1014fa1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus.75b0226c8-1320.webp | 154.197.121.128 | 200 OK | 48 kB |
URL GET HTTP/21win-cdn.com/img/bonus.75b0226c8-1320.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp Hash8c760c7064f0128ae142377fd17b2a06 edfcaffb6cd42075bfecedd2153fd44764d69df7 32161eece0cfdf13f56657eae013b7c465da15413d352eb0eca7ad536808750c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bonus.75b0226c8-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:45 GMT
content-type: image/webp
content-length: 47824
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-bad0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:45 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab171cb29712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/35967.a72ac7974.js | 154.197.121.128 | 200 OK | 958 B |
URL GET HTTP/21win-cdn.com/js/35967.a72ac7974.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (986), with no line terminators Hashf101f5dc77f24d2d3912e2c93bc1edc4 49f1e57d6778aad6b5a46d2cfb37ca3211dc6374 ca67bce590a2a7f3283eb1c50196d936b87658532ef3ac5485ba1459ad1577f8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/35967.a72ac7974.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3be"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 676313
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f839d1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL GET HTTP/21win-cdn.com/img/salsa.8d18d113d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1029a49712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.35 | 200 OK | 514 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP142.250.74.35:443
CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (632) Size514 kB (514225 bytes) Hashadd520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 172373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | 154.197.121.128 | 200 OK | 27 kB |
URL GET HTTP/21win-cdn.com/img/barbara%20bang.790acb7dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash287d95b42ce0b42532a5c8caff190779 6d6b4d0d17c558215c719336d124ba53a7118083 739c17db57dc727e751e65cf1d4aed12fb371a1e40060a3b22c92e630219e945
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5754
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1005e6e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/21win-cdn.com/img/elbet.701d0b0cd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashbd34c45017a4b3fe3d0813abbe16f113 2177a96200b95aa21ece71bfcbeadd200904c279 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1012f78712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL GET HTTP/21win-cdn.com/img/1win-normal.34748aac6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3402
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798a5712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash923ec09a017c369d475682b8b60fe652 f2a4cf5f06644b65bb3df522652a41a2b09c2aa9 7dd1302808a915df5f6af1480cd4fc562a8ad77550aa3ec0a32d5663d8d6afc6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc6fd9712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/amatic.1ad22f1f0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashbeaad3ec246cc02d25e05017a1e1739a 391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7 184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fffdf4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/21win-cdn.com/img/atmosfera.32402e33f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6122
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1004e57712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/21win-cdn.com/img/evoplay.cfa676ca9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7b4d8b1998ceae4f1e4defe0e5b322a9 b60d4fa2033a28349d7920647907368835ab514d ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5574
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1013f94712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/2189ff93-376e-4fb5-bcd2-30ed6afb4cbb.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 906 B |
URL GET HTTP/21win-cdn.com/js/28852.501b5fba6.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (924), with no line terminators Hashf97751384d582a6e650b35ebe9d32479 e545afff49a2a354c28392833508fd88ebaa4875 1df0101a9f183c7133c49e126c64e4820760e5ab7d99895d0ee7e6d514810b9b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681970
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f71fd1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET HTTP/21win-cdn.com/img/1win%20games.9b8574150.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3004
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff1c5d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/igrosoft.69f8e3ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc193a82075a3318b6b01f6652548e025 008409af9a242969c8c0205fc8052d17b61410b3 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1018841712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 7.0 kB |
URL GET HTTP/21win-cdn.com/img/superlotto.0b2069aeb.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash128046b1d7f6f312cc287763f0c22336 4d2984a448e97d8b6e5b34a4c9fd08dfceb6f4a1 8531767fbaba9dae9a2f659ba50799bef2f9f0c207105bd1010f5e0a12b84f89
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102cab9712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | 200 OK | 16 kB |
URL GET HTTP/21win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hash2018c59c5dccfaec96873d1ce9a60276 46ad94df758fdb9f0a257d99fcf52314cf5df926 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 15901
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-4375"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f95b90712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET HTTP/21win-cdn.com/img/kalamba.6e06f7faa.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7023
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1019868712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashbd11730c197227300ae5e1b00b8cc637 c0e28cfb09642e9402f12f9c6677242ef671de33 2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/png
content-length: 3888
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-116a"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f92b43712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET HTTP/21win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash443b070227be618d0513c134be5b65f2 cea77f63f79f4a2406af9f75e29078e40c69f9e3 99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff9d33712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif | 188.114.96.1 | 200 OK | 7.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash91cb93c7b3bcfdaf5be22dd889c68647 20c0af4b44bfe11283e15f237fa8c762a10d4711 c8a4e944374127623a31b75cec94c6b6d3509cb961f03169774cd8d725b0cb4a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 7460
cache-control: public, max-age=31536000
content-disposition: inline; filename="728d6758-6f50-4b1b-8132-2430ff7e0aa6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NzQ2ZGJmLWRhZDki"
x-request-id: nlnrqp76oKsPxZfPgQlZm
cf-cache-status: HIT
age: 70743
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aRnIi40dkv5Xqs424gsgeCj21YRr3q1NypYBpmYKOPfww7uPKXgWngaR%2FJjiFcETGlo%2BcJXKhcC%2BWQ4sMAlVjz3zEyRjflQsYCqo2CIYNibnS9skI6A8dgHc6wJb1bEZE%2F4xohWDd%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab104ecf8569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/58988.1061f60b1.js | 154.197.121.128 | 200 OK | 58 kB |
URL GET HTTP/21win-cdn.com/js/58988.1061f60b1.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/58988.1061f60b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-e06d"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 91793
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5ee47712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET HTTP/21win-cdn.com/img/spinomenal.e0cf93b3a.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashcccb25968af8377b09aaabb6aac79736 84938c2eeb2043bd681550b012601b0b0a2395b0 59b22e2b3007555e659e3a56f1c622f3635e7e0a7f284ce7b9a56dfe5fde9e9d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff1c60712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/21win-cdn.com/img/skywind.9cd4f870b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash6133bd0ec680372c4b1478cca75bd999 852e07d884235f5b480657590f2cba1ce4d53d7f 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3005
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1029a5f712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif | 188.114.96.1 | 200 OK | 8.1 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash0e5690478eedfa1df868b3925ae7765f 2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7 efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: wIvVBE6Ca87qQK-_rWGwc
cf-cache-status: HIT
age: 81506
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5ExeGhZR7fPLqolyhPiRdYuaSDd8DF736nqXDZhrhPiLZgIFP9Y6bT0BqsIyINw%2BcDG5JcTfUU%2FIL3l7CB5fyFFC9HWXuqJHvjtZT2GScJ2V8uGgjZXS%2BHVmn%2BJuHoUeZtT9Y1mP%2FQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dada569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bonus.d101262c2-1979.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/bonus.d101262c2-1979.png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bonus.d101262c2-1979.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/relax.1a68769f8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashd29d9c49a3e8be4842246e8b658651b1 71129bcf41f71edffe3fb4db0b4ff2faf37bd536 67d8edefc6b96e711c297519bc268d93c477cebc6a6cd0f912bb1567ee2a71eb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5755
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab10259df712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL GET HTTP/21win-cdn.com/img/endorphina.20b721ba6.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hasha89aae2f962bcb01ecb8e3ddd113b797 706e09d5fa8312ec4cd3c7ca606ad19edca158d9 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1012f87712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48357.2f661a8c9.js | 154.197.121.128 | 200 OK | 9.6 kB |
URL GET HTTP/21win-cdn.com/js/48357.2f661a8c9.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (9833), with no line terminators Hashac10e417d3205818d44f428fb5946e98 1e2586b11318351ff352b3155225e2e90617151f 56e1ca7bc3d7559714a27119b6076e3b06a69bc9848518bfac6fac0d55dae24a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/48357.2f661a8c9.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-256e"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 198457
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f5be0e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/casino-mentor.f6b6387ac-172.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 172 x 50, 8-bit colormap, non-interlaced Hash3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/png
content-length: 1857
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-7b8"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 6411
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fc9712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/img/ufc.0ef6261ee.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash5e1d7cc60040fd95a490ccc47b6d1e2a 7a5e6176ec8156ab9cdbbe382e92390f05bb388b f993e31c54b287c1ba4d046fb9e9fee3959cbf3a3608c7e8da6cfb4daa1ec083
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3513
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc4fb3712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL GET HTTP/21win-cdn.com/img/bet2tech.41863da88.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash37036b9327cf2f08f10c828a969255cc 110c9e121e3f79982f785db63213d01a94faf4b0 13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1005e73712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL GET HTTP/21win-cdn.com/img/swintt.7c851d380.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash90e9054f87471fee18244fbfaa5c2434 e4f14ab709714096c57f1e9941c4f28aacdae8f0 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102cac1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elk.c0f58697d.svg | 154.197.121.128 | 200 OK | 983 B |
URL GET HTTP/21win-cdn.com/img/elk.c0f58697d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash58995520e7430cd69b54d08c244aacc1 3db7918420563842879038fd5b4ba2050458ddeb 5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1012f86712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/728d6758-6f50-4b1b-8132-2430ff7e0aa6.jpeg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/21win-cdn.com/img/reelplay.06dc7f4c0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashb322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab10249d5712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
URL GET HTTP/21win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeRIFF (little-endian) data, Web/P image Size354 kB (353842 bytes) Hash8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/webp
content-length: 353842
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f92b48712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 438 B |
URL GET HTTP/21win-cdn.com/js/57460.093f52cba.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (460), with no line terminators Hash6dec8ed713dfd3300ca7f2907fe2f259 a467664dd1f209c8b7360ae5088144073d4b6272 a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 686291
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffad48712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL GET HTTP/21win-cdn.com/img/7mojos%20live.cb6749a25.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash63dcbe9ebaa3f238a8c0152142b06a03 cac36df8800a2f72b9b51f9eeffd74e82be4ae7e c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffdd9d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 672 B |
URL GET HTTP/21win-cdn.com/img/amusnet%20interactive.428b45c71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashdd800d25fd1fc6956949e43d9997d38d d2e3ced7d4ad91488dc8dde871b6651a01153f4a 8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1000e02712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/turbo%20games.0a45ae56b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hasha3d3ed5aaed2f3fd7a089aa6b6e00aea d366f4c84c203fd116575a62676b89bcd97c5816 8c7289cbe7f24989aef5f3b52bf00d1178c03b134a718bdbf54d7ffa7d8426ed
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2192
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102eae6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 522 B |
URL GET HTTP/21win-cdn.com/img/worldmatch.9f3d40aa7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc3aab966ecda4dadceb7b556b4205478 e8e501768b244593d7e5a59b6a7cf77e3b0d4581 ba1ec219d7a5dafe4c7ce5aa35171278f90b26d55c3ce4b1fd2474ce69487bf1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1030b23712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 366 kB |
URL GET HTTP/2www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP142.250.74.168:443
CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Size366 kB (365766 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 16:05:26 GMT
expires: Wed, 08 May 2024 16:05:26 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106283
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 841 B |
URL GET HTTP/21win-cdn.com/img/hacksaw.5f0e80ecd.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3371207f99abc98b9fb8ae8e13877c7c 82efe0611bab5262b245fbc98522a20bb2fc6529 ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5754
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101883d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/63502.d79807f7c.js | 154.197.121.128 | 200 OK | 135 kB |
URL GET HTTP/21win-cdn.com/js/63502.d79807f7c.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size135 kB (135227 bytes) Hasha96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Sat, 06 May 2034 16:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 198457
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e8fb8d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/21758.dae54c10d.css | 154.197.121.128 | 200 OK | 31 kB |
URL GET HTTP/21win-cdn.com/css/21758.dae54c10d.css IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeASCII text, with very long lines (31262) Hash042184ca7fa3adf2a29c3de64253e215 321e3142ce096f24515bf9c5699fda45dcc5e76c 672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:24 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Sat, 06 May 2034 16:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 184726
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e90b90712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif | 188.114.96.1 | 200 OK | 6.1 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash172757f78e8e2026f280f94f4d032035 17cea3940511dbbbb5077e78e28ddadef3090931 f0480a63411ce5b83d0c87ea580863a1a6908dc635db4309719cf9119d3df28f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/61ea6817-a009-4c14-94a8-2d97fb8082c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/avif
content-length: 6121
cache-control: public, max-age=31536000
content-disposition: inline; filename="61ea6817-a009-4c14-94a8-2d97fb8082c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODk1MmJlLTZhY2Q4Ig"
x-request-id: mDzQ5h6tWKlbyUv2bDsmx
cf-cache-status: HIT
age: 81094
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHJprmAOH%2B9vbI7t0gdQWWjyXXPtuTwOMMy1laWc9FCja%2BPdQ6zk6VQyvN1MshPsxdK5uYzf3LYGPL%2BqixUzRG7yU%2FYfLqTA%2BjIagsRGSXn0QFI10MB3ISfV5y6vU9QphaqBFJEWUog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff2b8b569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL GET HTTP/21win-cdn.com/js/20420.30b3c996e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (591), with no line terminators Hash41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689559
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1006e85712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/100hp%20gaming.8352a77d8.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash4ed7fa45e0933ca6d981ea7fdd5e86ad 9da697d8f40394da2cc17c0c82e73cb1130023d3 619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5574
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff8d24712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/evolution.acb5f3085.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hasha27852d0f8f77af9c6a274605b932984 415500832c34ac475d87411fa799dead414701b4 c162d16756ed886b03e4195178b00ea6d54baa3e71ce40f0dd46f3ebb3643e39
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1013f93712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/tvbet/a6a15f20-ce33-4ddc-9763-e38986fcdb2c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/21win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 16852, version 1.0 Hashc4f31a30bdf4dbced79fb75fc03111cf 14765799051deb933539e19f1ffa26198cabd4c1 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wxei.com
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-41d4"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
set-cookie: __cf_bm=vq3b5FHJCnlC28pXsjqw2R9KyjqAAv17id2b_GG6KCg-1715184326-1.0.1.1-xGQn.3DaQoviXT7WtcwoFvP.JzP6NiFXikHHEVn17UbZ_zlgh_uZ9zKWOMFc.P288lJM_lHuFGlHyBD4n2yhOQ; path=/; expires=Wed, 08-May-24 16:35:26 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f90a82b50f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/21win-cdn.com/img/gamebeat.5649e97f9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashf47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3678
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1015fb6712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/thunderspin.2d11ae63d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash604f41c295f537f07943cfe15d6f15f2 ab1b0075af6b7a8c6aa80eaa1ffbec9931a09369 9a89dee21e4f99f3d08e324ca4d4c6b1c08f3acc53bbc9027d57757359734198
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102dae1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/44101.cd5168bbb.js | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/21win-cdn.com/js/44101.cd5168bbb.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (33049), with no line terminators Hash64fb718df447a3a994dcc6f6030b0488 6d312ce281fb912b3ff51e28e46239d55a7b7e8c fa3e3d09282ece932ecf45ea31c7f6bf3fea37d414070c6bcd8c01f466f4c932
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/44101.cd5168bbb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-8119"
expires: Sat, 06 May 2034 16:05:25 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 184720
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f55d71712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js | 154.197.121.128 | 200 OK | 121 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-payment-full.c748a9e6d.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size121 kB (121043 bytes) Hash3db61399d0d4c57b17b5a337d59e3f0e 9312e9b832f7c0cc755c7c8b867986babdac8628 876516cc68bca8bef6cc55a91e8f13c040dfd4d63be038326fcc515eb22ad026
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.c748a9e6d.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1d8d3"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 686296
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f89a6b712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/21win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashee7f334d83ac78ee94aa7cb499a7d252 acaf3f1ec2dd643c920f036bceed9922c4398d9a eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffdda5712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/smartsoft.d4a2c90f3.svg | 154.197.121.128 | 200 OK | 4.4 kB |
URL GET HTTP/21win-cdn.com/img/smartsoft.d4a2c90f3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashe363d734db0fb177f2d082d5ec933b2e 21840bbc0a0843627d204818be4abba494436a12 ba8913cfda5417b5d2d8015dd340def1fc7cec97a5c875ba14590a044a5daa53
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2877
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102aa69712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wxei.com/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL GET HTTP/21wxei.com/img/icons/favicon-16x16-darkmode.png IP190.115.24.78:443
CertificateIssuerLet's Encrypt Subject1wxei.com FingerprintCA:3F:CE:4F:5D:2D:36:0F:E0:57:FA:FD:DA:AD:4D:90:21:89:F1:42 ValidityWed, 08 May 2024 01:46:30 GMT - Tue, 06 Aug 2024 01:46:29 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wxei.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __ddg1_=5vrZ4YHNusaOFg33JmNC; visit_domain=1wxei.com; core-sticky=http://10.233.84.5:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 03:51:15 GMT
content-type: image/png
content-length: 344
last-modified: Tue, 07 May 2024 18:33:33 GMT
etag: "663a73fd-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 44049
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 188.114.96.1 | 200 OK | 7.8 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 76958
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ySlT%2BXIazyC4lVCiWGsnUKZ4JLTAcDKtt%2F%2BysR1IXR9087sHU3BeFU0AsQMM6uMlk60McjJUJzyEgnMXepQO%2BeR5beKuOozp2LLUFsHL9q%2BHg2HrpXBiFWBuPpQCcDdVODedIl6eO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab103dad5569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/pragmatic.2e7a96b71.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5575
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1021960712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46719.c1d2eb9c5.js | 154.197.121.128 | 200 OK | 527 B |
URL GET HTTP/21win-cdn.com/js/46719.c1d2eb9c5.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (545), with no line terminators Hash8375a4110ec42498df870269f31e79db d974e51c02dbdc175ffa8d4384b385ecce38e581 b63b4ea04779e05a75b5e69f026faa71ee3601834dc416ce230a65ef9171d861
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/46719.c1d2eb9c5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-20f"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689160
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ff4cc9712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET HTTP/21win-cdn.com/img/jetx.64787fc5c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5573
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798b4712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET HTTP/21win-cdn.com/img/cricket-betting-guru.cfe7d4265-500.png IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 500 x 500, 8-bit colormap, non-interlaced Hash953b3b7e0c94ed3c3af678f19b076c5a 993c897eadbd5f11f4fa712cda067ea633c8e68f d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/png
content-length: 8067
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-2421"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 5719
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc5fcd712a-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/js/46665.703cfe1de.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators Hash530c1fc3208b67ba84edf563465386ad d2ae074df39f95da703f5a582a2dadec59962e2c 82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Sat, 06 May 2034 16:05:27 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689559
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffad58712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/truelab.ec113fba7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashedd84be1aaadcb0b503864bea380f168 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6489
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102eae3712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-social.4455053b1.js | 154.197.121.128 | 200 OK | 26 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-social.4455053b1.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (25529), with no line terminators Hash1b14185591d9bcf20bd451f8e80432b5 b234f9245842f8270f24b137798dab716dca4f96 8fe516d4373eef98060bd7bd9a38c40915c5628bd90429ee567feeb3ff5e3bcb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.4455053b1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 14:53:09 GMT
etag: W/"66291cd5-63b9"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 681970
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f86a2d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL GET HTTP/21win-cdn.com/img/belatra.1e7508387.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3a3db4a05ec45ff249ff2330cc6131d9 d4e82a85d11863ae6e91cf542676f8ed0dc5a130 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5622
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1005e71712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apollo%20play.610da8846.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET HTTP/21win-cdn.com/img/apollo%20play.610da8846.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash50314c7ffb9d11a02d2c58c66e124e29 3ebfb6e02132e3281c64e7866a621fc9ff43678e c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2391
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1001e0d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL GET HTTP/21win-cdn.com/img/silverback.297288e25.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5623
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1029a4b712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET HTTP/21win-cdn.com/img/yggdrasil.a6bc350dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash1156d7b0c16ee989276ab38995b5e316 2efca22c943534eec487d1441efc9c1280c0ce62 05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5713
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1031b2e712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/agt.893343a61.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/agt.893343a61.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7ad74db93c568d4ee26b28bd127cda5a 4ab7df3219bc8e68824c09c8f758159829875274 0a4c193bc9415878d304a5fc14e1e45c5390cf8648bb3d0c8ee4827663107f2a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2930
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0ffddac712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET HTTP/21win-cdn.com/img/spadegaming.8dc1e9a8e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7024
expires: Wed, 08 May 2024 20:05:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab102aa75712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL GET HTTP/21win-cdn.com/js/86359.48c462178.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (654), with no line terminators Hash33a83c5ac34b557d3037a52c8dead1fe 6bd3202d3720d8c86a84a63f1975b5d53d044ef9 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sat, 06 May 2034 16:05:26 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 675548
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f6ffb0712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET HTTP/21win-cdn.com/img/aviator-game-logo.2fb50dc03.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashced188fd368f5c8439ebd4398c9c9315 3b04cd5dfecda2e4b27b203dba4a6cef1b7890ea 82811dea95287317cc83610df97a7bc61db4783bd43ef75c8131c497f7868ef6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:26 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5573
expires: Wed, 08 May 2024 20:05:26 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0f798b1712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/leap.f4cfad944.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash9129fc106fce1317a16bb3acbd708de8 64dead6ad9646ce68218ae82cf9d369811d3b88d 993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7023
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab101986a712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL GET HTTP/21win-cdn.com/img/bf%20games.7559aed26.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashb94bb2811096b861bfbf8fbcd4de9149 17418a385bb399e79588ba1f6d3ee661c40197c5 c1f44795037017c6bfdb6b4e563a6c9323468cc8df433cfd871784dcf55472f1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5574
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1009ebd712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png IP0.0.0.0:0
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/e6dd9f4c-282a-4040-8fcc-256b4d959834.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/js/18860.cc0fd1e0e.js | 154.197.121.128 | 200 OK | 28 kB |
URL GET HTTP/21win-cdn.com/js/18860.cc0fd1e0e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (27990), with no line terminators Hash4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Sat, 06 May 2034 16:05:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 184725
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0e8fb7d712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/uefa.093dd4fef.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET HTTP/21win-cdn.com/img/uefa.093dd4fef.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash252f6dec5cdba134798b102acab7283f a159330042e787e62a548cbf2dc4dcb59a00fced 7bcf663e19c650e822b1f795b49a01535cc7994e2aaf701b8b3f7a98fbbd9696
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2231
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab0fc4fb0712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png | 188.114.96.1 | 200 OK | 0 B |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png IP188.114.96.1:443
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:28 GMT
content-type: image/png
content-length: 60835
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: e3MCuVlst3GJPw8axMsrK
cf-cache-status: HIT
age: 75187
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BcdvbVWr%2BeLbX0cOksFezD5w7cWiwXmbJEFh58Hp%2F%2B4kdYUUHzZmaLcHL%2B%2FK8yRonhxYIIAdiKnKZAKv7f9VqY2rLmV5c%2BS%2FzP1eEWze27Fs6dTgzfz34KdqvxeN8GUSV6LS7cp7s8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1047bf9569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.11win.direct/v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket IP134.122.54.186:443 ASN#14061 DIGITALOCEAN-ASN
CertificateIssuerLet's Encrypt Subject*.1win.direct Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27 ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wxei.com&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wxei.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qzEuhJMTcbpgtnwssjtpRw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: DAh8sTZFF26YjPmXvlYVmZ/MSdo=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=96c6ced66f0d2109; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/21win-cdn.com/img/fugaso.1a40d61ad.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashfbe83afa72fe7a858d1fcd467a7e3acb 5dc85aabeac449d7287662a7b6ffe2936e447b84 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wxei.com/
Cookie: __cf_bm=Z256FUeP3P0K.sR1R1jm_ONkc3gSfsMGD8vrrm_EYcQ-1715184323-1.0.1.1-8dyajKuue8RswMXqfblyAtle0OSmlzX0JubfZwBa6mdU78HThczfQxEF7mml.EaE8Rofgn2IS9TD_RSq.JO0RQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:05:27 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3356
expires: Wed, 08 May 2024 20:05:27 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880ab1014fa9712a-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|