1wmdru.top/
190.115.24.78
301 Moved Permanently
175
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.
Magic
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash
27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198
Analyzer | Verdict | Alert
fortinet | Phishing
NIDS | Severity | Alert
suricata | medium | ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Sat, 01 Apr 2023 22:18:17 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://1wmdru.top
X-Frame-Options: DENY
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
035772439731bbe3992c865f68e4b977
53fe2d0f678772b6b3e935aaca4d1ef82767e48f
9880ae6537e30af38e8d7ed612a5a44a54037d86686c63ef7eeebcc62cbda05f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9880AE6537E30AF38E8D7ED612A5A44A54037D86686C63EF7EEEBCC62CBDA05F"
Last-Modified: Sat, 01 Apr 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6984
Expires: Sun, 02 Apr 2023 00:14:41 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
b3c6ad41618caef9613685a8f786def7
ce6e1256460e0d28da63f797e14a77c1477d0779
ce87c093a66e4a2adfba7794f5db0428a0986b7e74690b773cbd7708ccca3f0e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE87C093A66E4A2ADFBA7794F5DB0428A0986B7E74690B773CBD7708CCCA3F0E"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3385
Expires: Sat, 01 Apr 2023 23:14:42 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
a57eb49c1ac36edd2db6573eb357bd87
592724177530a39ce4af02874beb776b91fefbbe
0dd258adc062ad2b6f5ce8fec0457e55e594c942817f37509ca2d1f2e8152edf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0DD258ADC062AD2B6F5CE8FEC0457E55E594C942817F37509CA2D1F2E8152EDF"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Sat, 01 Apr 2023 23:26:14 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 01 Apr 2023 21:28:31 GMT
content-type: application/json
age: 2986
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP
34.160.144.191:0
Magic
PEM certificate\012- , ASCII text
Hash
95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: l4SiL41GdA4SRmME6btxqvIgtZmg8C3I4OV303Ft7Wy5GY1b0fS5NmIoxPemBepwjbgFs1AHvzQ=
x-amz-request-id: 3XQ5JVB46XWNQYH6
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Apr 2023 21:52:06 GMT
age: 1571
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 22:18:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
7df6a2e6c691e1a2ad631179b413079a
d6043f89f7c596ae993fc62981b0e70d178879c2
57faba87c1ae916eb74f612e057b84185b3ddf58a9db98d7ccdf46f37d4f7c45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57FABA87C1AE916EB74F612E057B84185B3DDF58A9DB98D7CCDF46F37D4F7C45"
Last-Modified: Sat, 01 Apr 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21588
Expires: Sun, 02 Apr 2023 04:18:05 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
9e9f6891559058a4f43596719386a231
8b9bdfb379748c09759d43d9771a71269c0391d3
d1a9523b4094f8ce15ca02124033623203e20b8e375172c1f84491d6b4c0ea6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1A9523B4094F8CE15CA02124033623203E20B8E375172C1F84491D6B4C0EA6C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10143
Expires: Sun, 02 Apr 2023 01:07:20 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150
200 OK
329
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 01 Apr 2023 22:14:41 GMT
age: 216
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tAo3vxltncZN/W+51ElDzw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tj9HNM+8QjAOYib6ZYihgelJygw=
Date: Sat, 01 Apr 2023 22:18:17 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
104.26.5.11
200 OK
33064
URL
HTTP/2
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP
104.26.5.11:0
Magic
Web Open Font Format (Version 2), TrueType, length 33064, version 1.0\012- data
Hash
de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-8128"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qaP%2BI%2B4VPBgBNj0%2BlildL2Iql3skfOOfIJW2%2BcQOc%2B4lThLHiqGSU6lMVbSLBtJLx4DIzZmO0rO%2FYMuGC%2FRISPkhwJiT1xSEPeAI5vmD%2FfC7vbG1qbfzoTBk9XGi6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435067b420b55-OSL
X-Firefox-Spdy: h2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
104.26.5.11
200 OK
43512
URL
HTTP/2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP
104.26.5.11:0
Magic
Web Open Font Format (Version 2), TrueType, length 43512, version 1.0\012- data
Hash
426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-a9f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NkkNUKQ4f%2BnQXd4k%2BS9BhirXJ7AAQKKYbPvw9UkFyO0ECp%2BECPXuV6XBvUzGAc0nBrI0m6NSixsnntiuqykQrx%2FF%2BFUDy80t6nHZROxMTNZc50oQ1KA%2BWe3wSgiuaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b5a0b55-OSL
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-common.f1b48f749.js
104.26.5.11
200 OK
5754
URL
HTTP/2
1win-cdn.com/js/chunk-common.f1b48f749.js
IP
104.26.5.11:0
Magic
ASCII text, with very long lines (17851)
Hash
49cacd298951c29a7f0988c38c029219
318b62bb21bec58adf4f9173c5c40eb461a5a6e5
51006e73117052ff1d6026053881f3c5e68849d4d151c2a4c1a66c7d93bf0a9d
GET /js/chunk-common.f1b48f749.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-45ee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8vUZRNOLnnfo6XxyL3gG0crztIz%2FFIIiqCHDAOOpArL6uJbN13rENGue1sCJtvZsTrWvds9dGGoKhOMlHkivEmjQlGbZR8h99AIYiuoP%2BY9Vsh6xipVtEDN0GjuItQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b5d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/css/77202.cc5a0f04e.css
104.26.5.11
200 OK
32916
URL
HTTP/2
1win-cdn.com/css/77202.cc5a0f04e.css
IP
104.26.5.11:0
Magic
ASCII text, with very long lines (21032), with no line terminators
Hash
dded10954bc508811247aee10a908a0b
9bded8901720ef11ffbd4989cc85884f7754ae2f
91e61af44365c5cf5460ee5f57c4ce5d71bb26d531b3fb545abe1928991d7b00
GET /css/77202.cc5a0f04e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=21035
access-control-allow-origin: *
etag: W/"6422fbed-522b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 28 Mar 2023 14:38:37 GMT
cf-cache-status: HIT
age: 372540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsT9c%2BW0nmzchJRYTSwN%2F3SwuzCQTGFwEgnmugFyrtDGfKulurJHPqgIcFaU3515ld%2BU6YI9wXCqR3jyVibpnEvETQlGugnUyA4E5nC%2BdRApoDZVHscxCsFk6BSwkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435098eecb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1wmdru.top/img/icons/favicon-16x16-darkmode.png
190.115.24.78
200 OK
410
URL
HTTP/2
1wmdru.top/img/icons/favicon-16x16-darkmode.png
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.
Magic
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash
c7a60b79929bf150e44e5ac28fcd0d4e
f1ecf72f71d7b4153b151e7a27d40bf0c926b09e
f2b53ffbd8af9378b2e1d160500d2a2f3fae9b963cf4d6a3e88108a765a548cf
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: image/png
content-length: 410
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: "64256d55-19a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
472
IP
142.250.74.3:0
Hash
952513ca42adae3d5d739d3fdb9bf121
ae098b91f1a9bb5f99398e76ac5512550b822093
93b1f9965338820e21ec3694037f6f599863f3d8a0faa7f1492ac64077161ddb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
142.250.74.168
200 OK
60115
URL
HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP
142.250.74.168:0
Magic
ASCII text, with very long lines (16747)
Hash
9d089b4dd0b3e4197a82f58da864e2c5
1cf911d5d5e4d65de9df4337da3f0454ab94b2ea
2e0e031f540f1fad4b024e8d8c70dd93d5e3cad7e22139f4c9bd8ea527cc7859
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Apr 2023 22:18:18 GMT
expires: Sat, 01 Apr 2023 22:18:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Apr 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 60115
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1wmdru.top/pwaNotFound.html
190.115.24.78
200 OK
2847
URL
HTTP/2
1wmdru.top/pwaNotFound.html
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.
Hash
2e95080c0e1abe922f9589b6d5c3edb6
2a08d2d0565021f7e743bca7104115d8010a5a17
990bbd14962a6b670c6fcc1dbb317f23d807a5281953147e2f90b766be62d1a7
Analyzer | Verdict | Alert
fortinet | Phishing
GET /pwaNotFound.html HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmdru.top/sw.7b67e677.js
Connection: keep-alive
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecm73.0.0.0; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: text/html
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-1370"
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
1wmdru.top/get-authorization?random=1680387496256-0.7535596242863966
190.115.24.78
200 OK
19
URL
HTTP/2
1wmdru.top/get-authorization?random=1680387496256-0.7535596242863966
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
97816351479ac35375c10e73546c9459
b388abc5b856b3cb65032cf68d12cdee27073fc7
759315d5ae8c31136d2a7bc803e591554894987559325cdf7e0b5965bec0eaca
Analyzer | Verdict | Alert
fortinet | Phishing
GET /get-authorization?random=1680387496256-0.7535596242863966 HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecm73.0.0.0; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/json; charset=utf-8
content-length: 19
access-control-allow-origin: https://1wmdru.top
access-control-allow-credentials: true
x-frame-options: DENY
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1wmdru.top/1.txt?1680387496550
190.115.24.78
200 OK
8
URL
HTTP/2
1wmdru.top/1.txt?1680387496550
IP
190.115.24.78:0
ASN
#262254 DDOS-GUARD CORP.
Hash
48cfef8b3001a8c220dc815870f9916e
b77e871e72a3083c4bb31d6bcb5a257557181269
3d2c759213949af96fbdcd756a5146f64a9acadf9625bd7a9feb04bb4517b4f9
Analyzer | Verdict | Alert
fortinet | Phishing
GET /1.txt?1680387496550 HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmdru.top/sw.7b67e677.js
Connection: keep-alive
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecmh5.0.4.4; 1w_lang=en; _gcl_au=1.1.130747707.1680387496
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/plain
content-length: 8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: "64256d55-8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F?
142.250.74.70
200 OK
235
URL
HTTP/2
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F?
IP
142.250.74.70:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (449), with no line terminators
Hash
903b9bc6cc185373537edd7807ae019a
0657394b8d019bd19055a6502ebcd470eaa72781
8fc563d29b127d3d7aae498a4a48887f00ab26ae68154f8cd38688066e74df7a
GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 235
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-vendors.288bdb6f3.js
104.26.5.11
200 OK
135471
URL
HTTP/2
1win-cdn.com/js/chunk-vendors.288bdb6f3.js
IP
104.26.5.11:0
Magic
Unicode text, UTF-8 text, with very long lines (65469), with no line terminators
Hash
0c652a7e56653af8dde67dbbaf779493
288a21860ff5c0cf08f30378cbec4fb48306bcb0
21b73fd8ae129e486c4a1d1b749827a96a217eb96f784bc3c5c66e35845dca4a
GET /js/chunk-vendors.288bdb6f3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-68600"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeo8q8y1JHSeX%2BkjixKlPAjKzICX4IzqGvIDhwPWt22ARUpv0TBIyy%2B%2FATEv9tDULlRs1pLZCi0rzGtkjyP%2BDecJ43GDzoidZsy1ZiMf2VXSWY9tmZLiJZQBJwvxtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b470b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/css/35616.7f5925bbb.css
104.26.5.11
200 OK
14162
URL
HTTP/2
1win-cdn.com/css/35616.7f5925bbb.css
IP
104.26.5.11:0
Magic
ASCII text, with very long lines (20838), with no line terminators
Hash
23ebcd67364bf19648ee8d9b581ea910
39be803424c6af8ca6a159893039948d75db1639
2496424a88fcfbffea660345e90a203f33df0b61086e808b4030254c1f00d62e
GET /css/35616.7f5925bbb.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"6409c316-5166"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UH7uSSqTPAYEsPlXKM%2FLArEnTD1UR4qEZXl97pk2JtRA3h8yV6dvH2WH2BBvTXJhCBOqck9Ly7ghsAJl2GFO6KN1WkZLp52JXwNT5WdnpUa6XWZiSwvOTpVmvgWK0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350cfc0db524-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
a0d6c3457945786697bc100ac80245a4
4774e6cc431b4e14256f47c432b04ce3c1c18874
8b162cd1e04e8d35493772671b01685ae39ac20e4540139a387d44a9dc98ad1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B162CD1E04E8D35493772671B01685AE39AC20E4540139A387D44A9DC98AD1C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5350
Expires: Sat, 01 Apr 2023 23:47:29 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209?
142.250.74.70
200 OK
274
URL
HTTP/2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209?
IP
142.250.74.70:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (520), with no line terminators
Hash
f4261f6db41d853ce12fda65d8251fe7
fde8f4bcd3e3789f90f0ff25f1200f1ee5ac8658
0b195200525060222bfd66b15c85d510d9631c9bb19ac16a19cf12d785697f30
GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome?
142.250.74.70
200 OK
245
URL
HTTP/2
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome?
IP
142.250.74.70:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (460), with no line terminators
Hash
bcb45c1d7a38fa7a7c08e8e9d1a643fb
b1a22796e600b31e668aac4b16e8d91b6b2d2f8c
1e945ae3cdae457a6ef1ce01b458ddd5d0d56c2cbabdaad3fab0a876a5237fc1
GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 245
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452?
142.250.74.70
200 OK
274
URL
HTTP/2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452?
IP
142.250.74.70:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (520), with no line terminators
Hash
7a75871ae8e2da96d44a0526a8e7a2f1
de1034c4d71c087cde7a184227b6b1352772423b
d868c73a4df36fd600e5b02ad9d7c67f981929a1e0bd0eae0c0ecc8c70b34ef2
GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
151.101.194.133
200 OK
939
URL
HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
151.101.194.133:0
Hash
af2920c936a727d0e7919824430ed1c7
85222058bc2785ce03edb4dee884c359b38596ac
a9d49c7f0e3f339859fc9f744695172f753a0f1fbc9a95be93a202f2dc64e45a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Wed, 05 Apr 2023 19:34:25 GMT
ETag: "85222058bc2785ce03edb4dee884c359b38596ac"
Last-Modified: Sat, 01 Apr 2023 19:34:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 01 Apr 2023 22:18:19 GMT
Age: 2050
X-Served-By: cache-qpg1234-QPG, cache-bma1631-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 4, 10
X-Timer: S1680387499.177525,VS0,VE0
api.lab.amplitude.com/sdk/vardata
151.101.130.132
200 OK
2
URL
HTTP/2
api.lab.amplitude.com/sdk/vardata
IP
151.101.130.132:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
OPTIONS /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-amp-exp-user
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://1wmdru.top
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,POST,HEAD
access-control-allow-headers: authorization,x-amp-exp-user
x-amzn-trace-id: Root=1-6428adaa-27aaae6f6a103aa8213e1727
x-content-type-options: nosniff
accept-ranges: bytes
date: Sat, 01 Apr 2023 22:18:18 GMT
x-served-by: cache-bma1677-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680387499.823267,VS0,VE175
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
1win-cdn.com/js/1883.ce7803cd3.js
104.26.5.11
200 OK
81670
URL
HTTP/2
1win-cdn.com/js/1883.ce7803cd3.js
IP
104.26.5.11:0
Magic
ASCII text, with very long lines (13698), with no line terminators
Hash
12cddf5f37b451f2c7a66895a4fede87
815cdcc763fd90ddd2f5f55dbd19d37f796a7f82
0d1a176e99384eb28c3cc46d80938d79cde1392ad61c6f7120e7502d185e7bcb
GET /js/1883.ce7803cd3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=13741
access-control-allow-origin: *
etag: W/"6409c402-35ad"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 09 Mar 2023 11:33:22 GMT
cf-cache-status: HIT
age: 2001333
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2F1V67E5qpr3MsD2WW4cgP%2BF28TbRONs3PO5kvGIV1I8e8KB9hZbj6wnpwAkc3F423W2%2BuzEoSZDRXwJNVe6pnKqKnvyZp%2FsqFQ8W4P6XtRxWXD52I2seedOsII2bA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350cfc16b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
134.122.54.186
101 Switching Protocols
0
URL
HTTP/1.1
1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
IP
134.122.54.186:0
ASN
#14061 DIGITALOCEAN-ASN
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?Language=en&EIO=3&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wmdru.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GLdg0Cvpru8BjaCLdH0Skw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: gwq3OyGzZL5IhfClTAf2lB/nkdE=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=890391af8fc888d1; Path=/; HttpOnly
Upgrade: websocket
ocsp.comodoca.com/
104.18.32.68
200 OK
472
IP
104.18.32.68:0
Hash
55bed5145978028bf2e0fe7d9dcccab9
869f56c4c0821544c643767d3315b09da87e73c7
0e449ab16eb27fbcd78f9082e53b3f097f3fed3ac327f3ee2bf5199cea0731ac
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:18:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 04:47:34 GMT
Expires: Sat, 08 Apr 2023 04:47:33 GMT
Etag: "869f56c4c0821544c643767d3315b09da87e73c7"
Cache-Control: max-age=603659,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1216
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b14350f5f7eb4f7-OSL
ocsp.comodoca.com/
104.18.32.68
200 OK
472
IP
104.18.32.68:0
Hash
55bed5145978028bf2e0fe7d9dcccab9
869f56c4c0821544c643767d3315b09da87e73c7
0e449ab16eb27fbcd78f9082e53b3f097f3fed3ac327f3ee2bf5199cea0731ac
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:18:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 04:47:34 GMT
Expires: Sat, 08 Apr 2023 04:47:33 GMT
Etag: "869f56c4c0821544c643767d3315b09da87e73c7"
Cache-Control: max-age=603659,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1216
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b14350f59d00b39-OSL
1win-cdn.com/js/95765.3116a22f7.js
104.26.5.11
200 OK
5548
URL
HTTP/2
1win-cdn.com/js/95765.3116a22f7.js
IP
104.26.5.11:0
Magic
Unicode text, UTF-8 text, with very long lines (16834), with no line terminators
Hash
b9a035dbdc5844db876d55cc16e3e547
ee7e453f9a9fcb1b25c8137e6132321576b9d534
d6d007729bd5a5f742236f93eca2c82774095ff8a6166c711480958a81b9517c
GET /js/95765.3116a22f7.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=16880
access-control-allow-origin: *
etag: W/"6422ece9-41f0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 28 Mar 2023 13:34:33 GMT
cf-cache-status: HIT
age: 376710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1azS68Hf%2FoHpdp7CF7loNV0ZZCXpg%2BN4rrGlfYV5eWmTdJGgWxL8hR%2Fibd5Ejir5yZ9zIUxW5hzK%2Blvig%2BNZZPtt1QFbObcYbYTYqcZsd7HSJnSx6jmxpcywx8NcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350d1c46b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg
34.120.237.76
200 OK
8228
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
97c512a7abba6c872434ee06af4aac22
903dcbffcafa6d486322c31142e3813cc3ab9172
751a868af79fa595a659694a2d2c16e084fc38e639a7d1506c4fb56288cd21a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8228
x-amzn-requestid: fbddd88d-c5ab-4809-8870-df8227d51ffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloHJCIAMF4KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-4f7ba06b6292df92266c6bc2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: iWJhkG-cuxGvRp6jAtK6L_1JYg1zJ10oOFmqNb_zrf_wXVWGlKQDOw==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:51:24 GMT
age: 1615
etag: "903dcbffcafa6d486322c31142e3813cc3ab9172"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
34.120.237.76
200 OK
3800
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
ddcef2c96778d9fdee670e187a43ab32
e8c98891a1ffdbb6d30cf8746e067d56fe65d964
4e6fb506079b1daab0b1913a31c6252452f133af9276e18d25fe6fb622ce54ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3800
x-amzn-requestid: a182fb32-649a-4228-a591-080aae8c053a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VEY2oAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-3a1abb584aa61a954dbd52c1;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 8_m0xs9JUsoheDqkfPQdh3kzcE3zhX2Io1kl_Y4sDqLr2_03TiK2eA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:50:39 GMT
age: 1660
etag: "e8c98891a1ffdbb6d30cf8746e067d56fe65d964"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg
34.120.237.76
200 OK
10248
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
c9725cb9ee354d9c9ca233288e3621ed
5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb
c03a0ed04efe13a15b6a0a05848473de9f5196c26096579b99475b22df2a7c4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10248
x-amzn-requestid: c53c08eb-adf7-447d-b303-759b6419a2bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClU6GHD4oAMFcww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6425350d-7a6494c770dd83f17e839234;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:06:53 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8ReqCnX98wfim_pADgR68l76iJctnAwKTv-1qtbnNSmKZ8fQTfrHdQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:25:20 GMT
age: 53579
etag: "5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76
200 OK
9859
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 526d70f5-3eab-410e-97d4-e489e152bd43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cl6tIFhxoAMFa-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64257186-14e697b924e79d1e5bc6d040;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 11:24:54 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qKEs-bdLIfTk7TjXU0kLNzqEBDhhUXkX_osB-9p5LdfJfUbo8LwyuQ==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 01:27:32 GMT
age: 75047
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
34.120.237.76
200 OK
4697
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
613b90b49678a72443e992713b7eb711
f4216e9b06d9cb62aadfafce434789a3cc5d1fe2
7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 800eecdb-6883-4266-a476-7e3ce7985d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClVE3HmcoAMF9cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253552-6ee0d63805e7a9631efa30fd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:08:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: coKmHNJLD7miKkRqU3JiHYurjgK5WSnLuwTfw9uNohVOXv-7XjVatg==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:45:25 GMT
age: 52374
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
34.120.237.76
200 OK
5950
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KkjS04mCLqFET4v9-sePYK-zcztrds608GECT1Fxz3BEpslgxnpLOg==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:38:49 GMT
age: 2370
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
1win-cdn.com/js/80794.1b3c3f334.js
104.26.5.11
200 OK
2702
URL
HTTP/2
1win-cdn.com/js/80794.1b3c3f334.js
IP
104.26.5.11:0
Magic
ASCII text, with very long lines (7914), with no line terminators
Hash
b7b040611e1d8055e262f344f067a7f1
e6b382fda0080c2325e86003b88d5990a9b81aa4
908952fcebc6f7f1375560db973fd6bfd04b75a15ae1d1fbb6b6855adfdb71e5
GET /js/80794.1b3c3f334.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=7958
access-control-allow-origin: *
etag: W/"64117956-1f16"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 15 Mar 2023 07:52:54 GMT
cf-cache-status: HIT
age: 1519796
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZAeQ3Zb7LD73OvYg6oCdMvnSSUfnCkCS7kDgr%2BN72QqksFCYASOWYsSKzHK8V7pI7Ds9BXU%2BJ9eyr8chKanKqYqCFue9WCyY69%2BWtxKuNK26ciz2VQqoZaLjJ8ZBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350d1c45b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.amplitude.com/
52.12.237.161
200 OK
7
IP
52.12.237.161:0
Magic
ASCII text, with no line terminators
Hash
260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1099
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-6428adab-224b7dde360ac5c8686e237e
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
104.26.5.11
200 OK
6732
URL
HTTP/2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP
104.26.5.11:0
Magic
PNG image data, 151 x 161, 8-bit colormap, non-interlaced\012- data
Hash
6e2f4fff39b3a495fecefe5fee863c51
d358f1c8d7fe7298feea325c7ea6d145a3634026
4800fa860802fd0e46629776201afccd5adc1bf6b8b5a45a5e7c46d8d3b2a690
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/png
content-length: 6732
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-1a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3OsCHco4T1a%2B00ufoloPYllSE7AScVrH4un9%2BCT%2B7iNQ8g2GVfHB2IBcx0K%2FD%2BOEjoXq94gZeK%2FQq%2BgcdY6TitjmqiwhyHHN3JVWeEIFi8j5KS5B%2BGmVDxL1WHllw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435129bd0b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
104.26.5.11
200 OK
4458
URL
HTTP/2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP
104.26.5.11:0
Magic
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash
40212134fb58f842529fa66647f1b7d2
e6d355ea609129942cde7b9d47e587ae5cc8596c
c04666bc555dfa0fbd2b5da4984cb813b58eab772e1fa1efa2fd2e62c6d11f7b
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 4458
last-modified: Fri, 10 Mar 2023 09:46:26 GMT
etag: "640afc72-116a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1944913
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWsbtU%2FEMTtAuewiMsrpo%2Fl1lxmdPFAxgaUJjliCNnGgUcN7ee7CGUOsR%2BmBpCohUD1dpXkfMrDXAsxvSbYr0fXvTAuN%2Bd0S0m58eGGwPtkNhr%2B00LA7xLWBrEOj%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c71b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/free-money-link-image.4433e4971-120.png
104.26.5.11
200 OK
6292
URL
HTTP/2
1win-cdn.com/img/free-money-link-image.4433e4971-120.png
IP
104.26.5.11:0
Magic
PNG image data, 120 x 97, 8-bit colormap, non-interlaced\012- data
Hash
8c77c77c33189721a876fefeadf5ca83
0b197aa9e55fe824b28e55b9e0591f8631b6c3c8
b2a4295182c1f7c9619a4d2f842be12f4cbc6c4bb8d2ea607f06ff3bc4099486
GET /img/free-money-link-image.4433e4971-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 6292
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-1894"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KmaiqOSHaic1Kf2kcxVhiBZiAFLOgT4ZcYdZ7O7pMBeD%2B%2F%2FKDxrQHep8pgjwSsoE2ijZPylxL3waWm%2FmCvPeaDjJ42m5s3y%2BOcO8MfzEn3GpRFf2p9vwtI6z3Ix9lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fc67b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
104.26.5.11
200 OK
29770
URL
HTTP/2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP
104.26.5.11:0
Magic
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash
fa83f73358ed73cbd8a0faf0d8e6c019
586b95f1e5e1945abd0248e995f79274463c1cd8
ede3848497b96e7defd4c5d53133cf2e374487411186a66a6146191ae5692f77
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 29770
last-modified: Fri, 10 Mar 2023 09:46:26 GMT
etag: "640afc72-744a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1944913
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fadyh3298UT11NFOfVzu6JI2k7601ugmG%2FuUrDBnTYEVaNeqZQlqPLYWRP6Ln2vcR4eSaGBTab4xo9HFqPddZnUTLLG96fAbHiKWARW%2BOuAxK7QUBOJ74mXDSLYXjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c77b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
104.26.5.11
200 OK
353842
URL
HTTP/2
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP
104.26.5.11:0
Magic
RIFF (little-endian) data, Web/P image\012- data
Hash
8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 353842
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-56632"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lk29aJjuPBYC5yHahK%2FzAXuPeyZN7admsPO8MdH3mxeBkd7DABmikuehd1gZJMZKvtAAFG5qWDj1NRXKQS7qoUJzptyWthbZdxJ2XNAeG3SjDQynclTH47vOwT595w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c75b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
104.26.5.11
200 OK
17269
URL
HTTP/2
1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP
104.26.5.11:0
Magic
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash
b5469917695caf597285ce3e08c0e314
8d6b57a1590baf7531d688d5dde729ede7d02108
3353862bc343fe2f92faf7e59595d9aa80d2fbdc90c6677437daf3a9acd84b32
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 17269
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-4375"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2cnAT3XJINkR5KYzROjHahDMflRSefoH23rLckKdaM6yiHkLIDUGE63kOKU4TbtJaP4GxN%2BSR64nSVC25Lh1QmFevnDYAYqKLNzQqqTYYSa1jv4U3j5wnj3sne%2FDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7db524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker-frame@2.1caa31af7-256.png
104.26.5.11
200 OK
10453
URL
HTTP/2
1win-cdn.com/img/sprite-poker-frame@2.1caa31af7-256.png
IP
104.26.5.11:0
Magic
PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash
74023900d89b98987ea3248f4a89a218
4ea53a2415cf89647c40a32c69b50bde861a40ed
484183c9f4d5b2d68649d3025af4d2b95a5cb71f40a1cf960d62e0e3560162ab
GET /img/sprite-poker-frame@2.1caa31af7-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 10453
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-28d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQFVagJ0TBzEWypzU2y04FLtg5vjo%2B%2FjqHvaTqAGFxHuFUkEGSo30Q8Ga6xQtt8n8DcTR%2BvucGqRDNfOkSSIO5L6KpqMQ0p3B%2FMoN6B6l0r%2F1Hug0BG7y%2FOFbQeybw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7fb524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
104.26.5.11
200 OK
360930
URL
HTTP/2
1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
IP
104.26.5.11:0
Magic
RIFF (little-endian) data, Web/P image\012- data
Hash
3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 360930
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-581e2"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDRahM7mhJqLeNK697LnU6mPqUdVGHnnjJP8xQu3eehQZCa7O6JjAgwdLzKK5xE0r9KGy8doxN4LYQq8Rszk9BtLgdWd6p9ZuOzNmuY1Rqzbzdk3gxPYXmrrzTARLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c80b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
104.26.5.11
200 OK
429680
URL
HTTP/2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP
104.26.5.11:0
Magic
RIFF (little-endian) data, Web/P image\012- data
Hash
abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 429680
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-68e70"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fI8nLmq9v5EUAyHTjS8CUOCZ%2FoiW%2FGDVuuYQgjCmiluJOmSrnwbCtDOnirtvS72nxcVEvHBPnmFFM0rjsLNXxd5nyCL6loWnhqGfjCXPpJrYNho%2BMVCh2Qn6ZpqQFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7eb524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
104.26.5.11
200 OK
719644
URL
HTTP/2
1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
IP
104.26.5.11:0
Magic
RIFF (little-endian) data, Web/P image\012- data
Hash
344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 719644
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-afb1c"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAOJu9OZe%2FmBSJIodqk051vLX0tqzcBssRdCvD3rUdwAVa2MBk9Vyrh%2F3k4w1LxcaO1V7myDV%2BYUmiCbkOdCiBDvF6%2FtTq4njKnUADD8jCyf81i%2Fb%2Bwmd%2FprytXOcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c79b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
104.26.5.11
200 OK
37637
URL
HTTP/2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP
104.26.5.11:0
Magic
PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Hash
8b6daeaca5784288934eb5c3dbc3401d
2df52222cb03510733d5f5c616278143e7f93f2d
53ee238e1169d7940016da0159e72a214403576447cf1b8cb384942a6200d191
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 37637
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-9305"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unYokKCJRJ3YEzDX%2FUxQbhS7FX1GPhpyR9V%2BskNSfGRE9oUZ3yljJHYnYxhsW2T4YIXk5xTIxxsijDo%2B%2FAU9nk%2FKlGxn5EizE%2FQ2rgcBg4yRmqnwGgGoovd2rucddA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435132c97b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/jetx.64787fc5c.svg
104.26.5.11
200 OK
45058
URL
HTTP/2
1win-cdn.com/img/jetx.64787fc5c.svg
IP
104.26.5.11:0
Magic
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (8774)
Hash
befd3e4bf0caafa485b64a5a14718dd0
2b973a919b0601d0e99a014cf794051c2753f36d
9f687da9f939c45ad98d0a59d5220cb6ac927f1e6a2e17218d782cebe56b7728
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: W/"6409c316-33f5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLuomZfqiK9glGhSJEPRsrNHYM91vsvIEAN5wUKWbcU8xlSozw0gV9GW%2FC%2FKJqSdeNPcBgSgp%2FnKHI8HKOzTe9u8LUynpMmftnLeIjSoMmrqv6NNyldYM0ye9qJnKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512bc18b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/home-poker-banner-bg.87d818974-600.webp
104.26.5.11
200 OK
11812
URL
HTTP/2
1win-cdn.com/img/home-poker-banner-bg.87d818974-600.webp
IP
104.26.5.11:0
Magic
RIFF (little-endian) data, Web/P image\012- data
Hash
d42d6b091c917baad89cc62f34b1ef8d
6915e60ae50f4b00af5083ce1217a7dab04df42d
9ac95cc43cf590f1f9a5dd85b5b0bf04d98e38d3005b6e4b436f8c04d09a66e9
GET /img/home-poker-banner-bg.87d818974-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 11812
last-modified: Thu, 30 Mar 2023 11:02:42 GMT
etag: "64256c52-2e24"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAuQL83Vgt7Tp2gpVpnXLvPfGGfjI5mirLXvTzujwSsUN8CcGXOxXrVICXYFSgTb1nF1L3OVG6gA1g571AFHwKMWdLNKmID7CizujiyqRPAxtYP9yjIL5MB%2FbMwIXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435132c98b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
104.26.5.11
200 OK
9479
URL
HTTP/2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP
104.26.5.11:0
Magic
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2997)
Hash
c91225bb6943f3c7ccd2962784aae937
6d53885c4d91257844370429cd3cb75dc1b79e77
dbc8060ea4d9772065e60903c2d1f4a35ad148fa5beca919b436edfdabcd29d1
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: W/"6409c316-bfa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqlUeTFgiDcBEO4b4kKwFtcIzvXmZILEufexwSN04bVP7SVKIC42XRaNFhD0TGTzyclujXQI27l6zwQyp0kEIsXrL5IBOcZRBOAsCh%2BtuFW84OV72Ocu2HbMqU2nVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512bc11b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
104.26.5.11
200 OK
4323
URL
HTTP/2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
IP
104.26.5.11:0
Magic
ISO Media, AVIF Image\012- data
Hash
22a160f55908549771f823852d5eaeea
267d86356fc72824681f08d9fd1207b77530c08d
bb19dc50ecc9dd60ce8760b73843ce465df86b78a76de6a924c813fc770a2f23
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 4323
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus-banner-deposit.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2UwLTU0YWIyIg"
expires: Mon, 03 Apr 2023 20:38:57 GMT
x-request-id: k_UiPjjC7eUn-KF9U943Q
x-cache-status: HIT
cf-cache-status: HIT
age: 364241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ia%2BQLzT%2Fz3EZqUQ%2BygFkVq1MD02yQZw1uBK0x3yHIzLupAI%2BANXHC0Ab6h1u8id8D5WkdBS%2B9km9gYQAnK%2B9FPopIlxJaaoC0vVSlJ7pdEWYIzvMlCs%2BjUSKulCO9PpXx%2Bt6hZIjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435136cd7b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
104.26.5.11
200 OK
16852
URL
HTTP/2
1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP
104.26.5.11:0
Magic
Web Open Font Format (Version 2), TrueType, length 16852, version 1.0\012- data
Hash
c4f31a30bdf4dbced79fb75fc03111cf
14765799051deb933539e19f1ffa26198cabd4c1
cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1win-cdn.com/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-41d4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ctarx1fESJxePuIFSlZsnPW0tqkQ7Z2CRfAJUz514dDDhGhEdI6P31j7E2ggWzaUzPVCQVmIO8ck5k5xdtUUFXkrvkmCYk2wAV2jFSjWB8rgvTsvYcX7MXmA1YYyNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fd370b55-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif
104.26.5.11
200 OK
5302
URL
HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif
IP
104.26.5.11:0
Magic
ISO Media, AVIF Image\012- data
Hash
76a502c1036d076e2317739f0cc878d8
480303b6e1e68b1d04e998d9bcd26224429db376
e377abb67003f9b87b6c67e87b9814b99bb3c1de68f286546d9af4e6d6377351
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 5302
cache-control: public, max-age=31536000
content-disposition: inline; filename="5b4ab347-f37c-44e4-93e6-2c1c0efa069e.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTc5LTJiMmQxIg"
expires: Sun, 02 Apr 2023 20:17:48 GMT
x-request-id: zPhgdY5gWvkg4vM7pvWq-
x-cache-status: HIT
cf-cache-status: HIT
age: 486536
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOU1jSnxsQkf5kdHEyEkdNwdq%2B%2FKmlPZY8sdCJyySru4GDxxePnUXAyGd6vunbPJfBEy7B0f1YtdMXpVgzyYpItwqI9wJUDSS01YTXJpLZXrLEyan7CBm9JqQKbUk%2Fkg5UOiRmryMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd7b524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif
104.26.5.11
200 OK
3601
URL
HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif
IP
104.26.5.11:0
Magic
ISO Media, AVIF Image\012- data
Hash
38274844df1004bd9a0e2ebaa78fc880
ef316b9b62257b1e930eb064f30c1baecd86f2b9
5d128fbc4ca805ffd77a5d0c93ed6c15e548157d1b6a68b16c2849a98799a6a6
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 3601
cache-control: public, max-age=31536000
content-disposition: inline; filename="81c5273a-ebb1-47f6-8535-6376c353ea74.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTc1LTY1Njk0Ig"
expires: Mon, 03 Apr 2023 21:47:23 GMT
x-request-id: 3_3K_XaC4gvPsdkGmWl7c
x-cache-status: HIT
cf-cache-status: HIT
age: 355614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWesQ3mdef%2BC6MjgSwjChznvcqk6zWTORKRavbtHn4k1b%2FK%2BQdLJCjuQbEvme00JS5Ga8Lc58E15XGyFis5qCjKcC7se%2B75iJB2ONossE%2BvYJSYKWpkjOGOPmxmArufB%2BjD%2Fth4o7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd9b524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif
104.26.5.11
200 OK
4304
URL
HTTP/2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif
IP
104.26.5.11:0
Magic
ISO Media, AVIF Image\012- data
Hash
d5f05284c21b7798248cd9fa99bfd299
bf9b3b55c3aa5508d51c2935e6494a6f91fb21b9
85a15ca1b3ad7e7569214ac1e02596a70b806eccd8ebf2b9fb079ca53986a0d4
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 4304
cache-control: public, max-age=31536000
content-disposition: inline; filename="576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTZmLTIwOWY5Ig"
expires: Fri, 07 Apr 2023 17:37:27 GMT
x-request-id: jBTwP1UWLpMT8tFrsYKax
x-cache-status: HIT
cf-cache-status: HIT
age: 102126
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SG2BHOjejIM4LSqfDchMOcwTlsgsRpafioqhsfHWy5kZrdSVF0ec6MFS%2BPR3UPryoB8EXCYAfw717GN6P9S6zhKiO2ofo2Xm53zYzTcCR9Tk2bAclrBMGYApDwH6g%2F22OjLZnSGEfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd8b524-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9