| 1wsxxy.life/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1wsxxy.life/img/logo/main/1win-normal.svg
IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Let's Encrypt
Certificate subject: 1wsxxy.life
Certificate fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C
Certificate validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: SVG Scalable Vector Graphics image
Hash: 0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 01 May 2024 01:22:05 GMT
content-type: image/svg+xml
last-modified: Tue, 30 Apr 2024 16:16:26 GMT
etag: W/"6631195a-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
age: 666196
content-length: 1474
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 74 kB |
URL: GET HTTP/2 1wsxxy.life/core-js/3.33.3/minified.js
IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Let's Encrypt
Certificate subject: 1wsxxy.life
Certificate fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C
Certificate validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999)
Hash: 38facf849f100d0fe6269a53a7bca451 9bb69f981438d48b093bd1eb673885476b4932f0 ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 01 May 2024 14:31:43 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 16:16:26 GMT
etag: W/"6631195a-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 618818
content-length: 74162
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0
Hash: 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wsxxy.life/
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-a9f8"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 275287
accept-ranges: bytes
set-cookie: __cf_bm=0scHm.iat9xn_VnyTVqD4ygS19szHdvOlxmFeusoUzM-1715192721-1.0.1.1-uJJxDclD77JmNp3xnRe27mPUylCCW1FDKvNVf0iBvzpwZzdnlQ1NfxofZQfT12ZfoyndfyjVLYN8szctYZk3cw; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe9745699-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0
Hash: de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wsxxy.life/
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-8128"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 275287
accept-ranges: bytes
set-cookie: __cf_bm=hLyk7no4U4LxkWB7Rxz1I8twnPIVnh9o3urgWJbhNvs-1715192721-1.0.1.1-b_.xSwU1X82AUboIDEcESOqoiaogj0nkumVkT2EhCBrc8QaFudxoYxv_1JNC6Pr6wJFV8hQ0a.dj1ZWpGVqXmg; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe96f5699-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/63502.d79807f7c.js | 154.197.121.128 | 200 OK | 26 kB |
URL: GET HTTP/2 1win-cdn.com/js/63502.d79807f7c.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 12c67e0c372bb9fb9caa39dadb1e8576 b8d258eaba4572d74f81c8450a9e4d00a31eef1e 899d3bbd41700541dc0a62ad7d5a5a7319d1ef5df1437b5a8c8ac66712f5b2cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 206855
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df26d26568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/affiliate:link_visit?partner_key=7s9r&sub_ids=undefined | 190.115.24.78 | 200 OK | 553 B |
URL: GET HTTP/2 1wsxxy.life/affiliate:link_visit?partner_key=7s9r&sub_ids=undefined
IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Let's Encrypt
Certificate subject: 1wsxxy.life
Certificate fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C
Certificate validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: gzip compressed data, from Unix
Hash: 4441cb556e53f3343199ee123a6b4ce5 e9ea2f1a76b7b4d9febf5d0bdc104fca0845a8a8 9c1f5d05bd6e6a60f13d61e652d391c1feb12e98bc63740f61bfaa879e06bb30
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?partner_key=7s9r&sub_ids=undefined HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wsxxy.life/casino/list/4
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; partner_key=7s9r; visit_domain=1wsxxy.life
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.84.234:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket | 134.122.54.186 | | 0 B |
URL: 1win.direct/v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket
IP: 134.122.54.186:0
ASN: #14061 DIGITALOCEAN-ASN
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wsxxy.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0QB5tvxzXXnE0UY0hno6+g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: h1yMRxBPrycTgEOq16evX2gjS0E=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=2d7acae8672f87dd; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1wsxxy.life/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1wsxxy.life/firebase/8.1.1/firebase-app.js
IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Let's Encrypt
Certificate subject: 1wsxxy.life
Certificate fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C
Certificate validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: JavaScript source, ASCII text, with very long lines (19927)
Hash: 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; partner_key=7s9r; visit_domain=1wsxxy.life; core-sticky=http://10.233.84.234:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI5ZWY4OGNjYS0wMjRhLTRmNTMtYjIwOC03MjhmODk5OTBhMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTkyNzIyNTQzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE5MjcyMjU3OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 10:28:42 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 08:34:08 GMT
etag: W/"663b3900-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 28600
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/firebase/8.1.1/firebase-messaging.js | 190.115.24.78 | 200 OK | 11 kB |
URL: GET HTTP/2 1wsxxy.life/firebase/8.1.1/firebase-messaging.js
IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Let's Encrypt
Certificate subject: 1wsxxy.life
Certificate fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C
Certificate validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: JavaScript source, ASCII text, with very long lines (40719)
Hash: 450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; partner_key=7s9r; visit_domain=1wsxxy.life; core-sticky=http://10.233.84.234:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI5ZWY4OGNjYS0wMjRhLTRmNTMtYjIwOC03MjhmODk5OTBhMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTkyNzIyNTQzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE5MjcyMjU3OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 01 May 2024 17:47:43 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 16:16:26 GMT
etag: W/"6631195a-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 607059
content-length: 10915
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 37 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.b9c515d35.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: bdaa0bc6318a4aba528e44732419c11f b18190dae199d4eb1861390cd17d7f9a56f2d939 3de04141433385da9db1cd8fbc1369302098b86baa8b16fff1373b37b2e70d0e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=yzhwdhrz9AtfVLroH8AXMaBbu7nHqOjp49ILnCwEFOg-1715192721-1.0.1.1-YHZf6onHDmpbibWccdPhtseVH8O6ulfMh5DoSOy7Y8bNdukufNoHC4NN0C5sMKdPmQjQIAdQ82JhQVFLxFkV7w
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 22055
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df16bb0568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/desktop.916d40f3f.css | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/css/desktop.916d40f3f.css
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 70a2fc8e5da99ce93928183fa9153bae d312f9146a9b93158afdcaba871bfde6b4f0b1aa bd08527c2b3e7d7103a8a02c235d4761f2a485765ed76ff1d2d86ac65fdca742
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.916d40f3f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=yzhwdhrz9AtfVLroH8AXMaBbu7nHqOjp49ILnCwEFOg-1715192721-1.0.1.1-YHZf6onHDmpbibWccdPhtseVH8O6ulfMh5DoSOy7Y8bNdukufNoHC4NN0C5sMKdPmQjQIAdQ82JhQVFLxFkV7w
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: text/css
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-121d6"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 22055
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df16bb9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced
Hash: a804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 5600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-1a4c"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 1940
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6fdb1568e-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-vendors.84f8d8042.js | 154.197.121.128 | 200 OK | 189 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-vendors.84f8d8042.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 189 kB (189288 bytes)
Hash: 4463ca451e550381192b54b94ab9962b 55b459615c27370a305b79cbfafa71d54c37380b 99ef47bb151eb37021273c49bbad8a58c08cf4ca061c96d591886658a1a17ae0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 684774
set-cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe90f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/28852.501b5fba6.js | 154.197.121.128 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1win-cdn.com/js/28852.501b5fba6.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 85df618c77639242488473ef9e352974 ae42b659938c44d06056e2589b294b93e5c18fb8 b77fd8975d093baf2571d7fca38e3123f9d34b02ec778507043303f4530a1ca9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/28852.501b5fba6.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38a"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 690367
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df72e2f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 16 kB |
URL: GET HTTP/2 1win-cdn.com/js/86359.48c462178.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 4816fc437ff66be47011e119753f1df2 59bdb4ddbc95b9de2e8f075c331f205c85a83ceb f10c628b2e5d941249b3f1591c1b3c4610a2feb5b9654e856494470e64a8b6dc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 683945
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6fdbd568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL: GET HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hash: 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-9305"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 569
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df88a04568e-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/img/500_i18_bg.0e037ee17-1320.webp
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x427, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 14de8fd7c8de24bb9f6f89ddd3c2d480 9635193c712dafa2c58339dee09588880a96a980 633593c73a175eabb2a5716a04aa84b1b49fc8e4ac4687b07509db36350076b7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.0e037ee17-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/webp
content-length: 39614
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-9abe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfa7dd2568e-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/2 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type RIFF (little-endian) data, Web/P image Hash 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/webp
content-length: 25292
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfa7dd5568e-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@png | 188.114.96.1 | 200 OK | 62 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash 2b14ff3ad965bf1a909a847a977d2193 d2711ec9e5b335c4aa1af2b1bc464debee484b1c ef759f6aedfae1d75f9cdc412001efc85f4de3ff02585905aabf2c13e4e94ff2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 62020
cache-control: public, max-age=31536000
content-disposition: inline; filename="37defc3f-971a-43ed-8326-7184e875e2a2.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2Mzg4YTk1LTcwNTljIg"
x-request-id: SsmQg1uh96cBNwT1j0o0s
cf-cache-status: HIT
age: 198177
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EefbeFHd60OtcqsIb7c7BjNYpoceZWTE%2BrytzQGoR3SGAYZLgtLGNwLlSEti0IajnFK1w3Gf6R%2B9cdHML6qWpWHJtsQ7Usnw3qMjKO6k9TwICGsPq1t0rBTMNIztUUN6cIG8FyBVc0o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb1e7fb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinomenal.e0cf93b3a.svg | 154.197.121.128 | 200 OK | 87 kB |
URL GET HTTP/2 1win-cdn.com/img/spinomenal.e0cf93b3a.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 5882bcac32d147a2e0597b449df1f660 fcd28f1ac752ef48b926575ba4daaa55e0e027e9 05548461ef5f0e522e7abb76eb385df9372b95c2a2aa17a547cb67f1f1969d05
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinomenal.e0cf93b3a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8d0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4086
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfaeea2568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 23 kB |
URL GET HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 46529a9ef90d8a97a2bb6d2add30ec21 543bbcda90ca262a6f45e61389b41b68785204a6 d5f1591a124b5aeeb2a42a22bd85db3a5a14a697869b3a5647034e2ae9c3d995
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6691
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7d845568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 45 kB |
URL GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash bddd67d6ac7a5a746ad7ef15aec774fc 6eec7a4964bb81e7d552286b6fdaf39500823ad6 40d2b231694ac2e754c5498fab09953189d20bc0a940b418019e3b37b3d79a96
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6691
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7c825568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/36775.1ad325918.css | 154.197.121.128 | 200 OK | 76 kB |
URL GET HTTP/2 1win-cdn.com/css/36775.1ad325918.css IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash ddb039953b169cbb4ba0dd13535dcd53 9d35740d32808c30f2a94118b2af431f7c169e38 eaec1466c5309d52c96cb6e23f80207834702e8e8e265bc982ffdba6ed5ffdff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/36775.1ad325918.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: text/css
last-modified: Mon, 08 Apr 2024 09:34:39 GMT
etag: W/"6613ba2f-4326"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 694419
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df62c2f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/37061.57ea53f4c.js | 154.197.121.128 | 200 OK | 73 kB |
URL GET HTTP/2 1win-cdn.com/js/37061.57ea53f4c.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 67bc5817702ff72d3e3080c2df9e8535 7f31f0d46bd94ed9ec9621b7b52646c3a488a696 dc929f7aabbedd9fd1428276ac6790df6941ed42b555326c55c9381cc8431dd8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/37061.57ea53f4c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 16:49:25 GMT
etag: W/"662bdb15-6074"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 684710
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df5ebc9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 61 kB |
URL GET HTTP/2 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 101e8a872ef93ec7981eef01adab0134 a58afe5abf3987228c869115b721bf0c0995a383 8ae4fd9d14d1534025f40b447a491cdb91da722697a9a96eedd69de86b1a6170
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2386
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df9ecb5568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 51 kB |
URL GET HTTP/2 1win-cdn.com/img/rubyplay.b4553f39e.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash a56f331ef461217407ed9651b2e10cc7 d3f53cb8b685d8b7002ac2cbb18ddb189ce101dd 124bfcdcdc2e2994dd54a5552496dc34cff555f4ac616ca5740d0b2ebb1b9eb9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6503
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfaae23568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@png | 188.114.96.1 | 200 OK | 49 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 300 x 225, 8-bit colormap, non-interlaced Hash 6247e9a58b1d07f08a4634a1abfdf822 a6a4e5b4e97d463ee08b2edf2eada83089190b92 cab223bb91ce8be299f39af9f53a2abdcc2dc8e4d5154486067c8dc4a9b59296
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 49448
cache-control: public, max-age=31536000
content-disposition: inline; filename="7de225ca-20dc-4614-8419-5ab0f0ed899f.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2M2I2MTQwLTMyYzdiIg"
x-request-id: DKePzCmJ3Dq0bfzM9rkYl
cf-cache-status: HIT
age: 23355
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2y4K3cxssiL6xvanmFU3exDnUbWa07lT5EJWlAYakWIKTpzQErlKzlNvWZ3hw8BNYLB0cTVIvpMh5CsNH5b7CIXclJQm6m5Gi4rDgBTpX51O635NwMczdQaEnUf3%2FEp8dz3A9rJMIx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb8f6cb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/36775.678726ba1.js | 154.197.121.128 | 200 OK | 58 kB |
URL GET HTTP/2 1win-cdn.com/js/36775.678726ba1.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 299105cfb085cedba3af394ecc3b3d69 8a3eeec1a1cb2096e302a1fd173f73316b2fc3dc 2aa995e189273a8235f1ee5530729e08334275adbb555174bd77d230b53ce96b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/36775.678726ba1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:26 GMT
etag: W/"6638cdda-1e4e"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 187441
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df63c46568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@png | 188.114.96.1 | 200 OK | 53 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash a4d0674a463a191374952baa6933ec03 7ae55afa598eea7f32334f0b976c3c6cb848dcee 8575004e1f87b004c53987ebbe02230d23bcd0e3a22ac78ba1845aa28b0eff3f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 52971
cache-control: public, max-age=31536000
content-disposition: inline; filename="7d4ae801-73bc-4552-b90d-c8f6e3d995ea.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2M2I2YzA1LTQ0ZWIyIg"
x-request-id: j5Im3XBNA7dMk_jtGR7MV
cf-cache-status: HIT
age: 4700
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxMJ2Hbdd8VbORNlNemasIH0%2FvYFj3eZe0se2of%2BBXVrluSaxNewSomWrS0juqIDx%2FvmUzr5rFfKI9VtgdS8c11VXGmCqFkJkJ7ylmS2%2FdNfrEBf6qQM7K1m6PrQ0EhHplWvIbUgl%2FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbcfdab50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@png | 188.114.96.1 | 200 OK | 63 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash e41463c791f4060288ee3d49f63a7de6 3447b99f9194bf4474c04d9f0dbcb7855b8db324 ddf7ac0144fad05c491e362b9e4c731ee5af1234b1a1c9acc22d1062246636b3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 63243
cache-control: public, max-age=31536000
content-disposition: inline; filename="fa92c3f8-7763-4b13-a314-53fc7b755939.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzlmNGNiLTU4YTc1Ig"
x-request-id: ME3SPPdPJKMlQLsXw4b5g
cf-cache-status: HIT
age: 117376
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FiOZB%2BI3HQskpysIXGxaCgQEnTvgSzzjhM6HrBA226c%2B%2Bqd5JWpIoSasOEaydmPjUaU3nN42CWmOCPnKXxqJgjty0EVK77rrj4BhDbTjCFle0l7zdQ7WKnyopatVJJS4CscqNrKYUUk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbcfd6b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@png | 188.114.96.1 | 200 OK | 60 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash 4a351f1f13fcc4697dbc0f9d3c7b3835 4a058a50db61b4a48269d25181217032e68a8309 064c7bc41bf0f9d29f66f3e4a7e9bd29c02364f1e79ff1d8992908d403185a16
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 60392
cache-control: public, max-age=31536000
content-disposition: inline; filename="43f0df08-b4a6-4f93-aba3-5719ba5874ba.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDEyZDViLTNkY2RhIg"
x-request-id: Jjcxycbn8SHNtsqIwLDgM
cf-cache-status: HIT
age: 91263
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FyQNLiozvBQjLwUyMNxwVT5afH4VaDkpz9g9ySkLF%2BJBDrGn5Yf7o3YufATnS2CBhCgRd2p7aaMWrT1DnSVljfgJlO5fmlIYyi6mH3uCqrVqyLRU%2F%2FthEMhaDtyVQJmlDMUzZAZO%2Bt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc0859b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@png | 188.114.96.1 | 200 OK | 70 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash 760c873abbb684cd06ea541b3daf6efb c514fa2ffb8cc241c04eeca2a439fbba145cbc87 57e075e3e23e161a6230a3292660e9447d62ff4f4f7bbd11711044310bc791cd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 69779
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzhkMDhjLTRjYjlmIg"
x-request-id: -tbvtoAykv2oeJhRFfe0_
cf-cache-status: HIT
age: 187417
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zWnPkI3un74k2hmAlH9Msc6tl4krXQ7MeJ%2BoUoKHCQZkVqtIV03D%2BzZHVYySaMBm7Ynv0ryWNSr%2FW4OmBNaBuThkBNNpuVdObG6Omi0DPKFFTteFU129fZTeOqgTP03IipsRVAHnbpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbd813b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png | 188.114.96.1 | 200 OK | 75 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash d0a557c4ad55210e05108c8023e815ce 332a2869f57075058b74603d6a29a5e7fe871ffb a420f8a9c7e436faf1be0915d7b3de45f2f4a7d6af427d07ef4138e683c5e96a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 74662
cache-control: public, max-age=31536000
content-disposition: inline; filename="304789e6-5a8e-4b13-828f-c3504fe6e2d4.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MGU2OWY2LTcwMTk2Ig"
x-request-id: dXHWCTRpIIB2v1dn-CtTj
cf-cache-status: HIT
age: 528161
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhIpTJ5vm%2BR%2BkrrsEGs3qgUZeya1VqKZdOk0fuZEyJ%2FB%2BhdKgs3NmmKtMkOR2mWNW2XKjIv%2BNZr8w5TDIoHWaBQTd%2B0%2BTcoOHs3IZoBQ1el%2FoPMIww1C7QQBnYDzAU25yZ%2FZrdFiBo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc187eb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/relax.1a68769f8.svg | 154.197.121.128 | 200 OK | 69 kB |
URL: GET HTTP/2 1win-cdn.com/img/relax.1a68769f8.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 3e50b41252383e2db019885e77fa3708 02f726908635ca29f29a933e2de2f510b393c38b 7635683dd97ebd99872461cc484a9be864931dce19eacaa62dcac6467c585996
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/relax.1a68769f8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-57f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6844
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb8fe4568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@png | 188.114.96.1 | 200 OK | 54 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: df9826c6e9a1d423fa6f7f0d841df95e c0b26001bf0fc85adead3537490a0a8931dcd69e 7c9ab68d32c1f9059ec41c7f70bf22e6bf7f6f0fd027c7a1d545a01060b42ac9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 54374
cache-control: public, max-age=31536000
content-disposition: inline; filename="969c733e-5b9d-4037-9835-360ce28ef4c0.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDU0ODkyLTExZjA2Ig"
x-request-id: ko4qsJBgjesBCvuAZH8Xj
cf-cache-status: HIT
age: 39779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7jrJtmci3BjvNRUO%2FIFYmvQOrsxLD6FYdcNqQ7LZKMjtZ8WFAdeRCms2nZXy%2BuxvJamPdhnLP7tAUpd8zdg%2FvJKNQ3amBuJl9HAN62ZKn58zstEKdAZl4g3Xrq0yPgM%2FpSkEW8aSdMY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc5915b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@png | 188.114.96.1 | 200 OK | 45 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced
Hash: d2e811ac5a39582b1e3ae68f6cd7aacd 7ef4392b79dc657776ca8aa5e164edfc102002f3 bd9c504ebd2995e3035b7dfd5d45a0a8a59f7f966807aed8a59b16536fdcfa0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 45426
cache-control: public, max-age=31536000
content-disposition: inline; filename="f51cce21-58c1-4eb1-9007-4479643090b3.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2M2ExZjA5LTJlMmRmIg"
x-request-id: btoQZHaexe49L8xzCSgyX
cf-cache-status: HIT
age: 101455
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFc%2Ftx%2B5NMhPINIFXzeZJH%2BcooWctN6NBm5e%2Blv33FpfEGsoCwd380%2BQybxU%2Br8OC%2FnSrHz9m8Q9RPYxLkTN%2Bhw3259GI%2FBuo%2Bs%2Bm3xr4hYPMFdmpfS0KMVJAzNT%2FV0ecIGQvwqtlwY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc4902b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@png | 188.114.96.1 | 200 OK | 52 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: b3bb174b46568fc24e98cb14747e6629 0bb2033cfcde455970e2424af622a42ff2c7dea3 4891fdf55237bf4eb0f088facc34a667c919b2bd76c9a77aa850369fda34b6f1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 52348
cache-control: public, max-age=31536000
content-disposition: inline; filename="1cd672b3-344a-4960-82e0-2e686688ef9d.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzM0ZGExLTM1YmVmIg"
x-request-id: 4OPnnA3nAN2Lh_RZzbFun
cf-cache-status: HIT
age: 553876
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCE9Sg%2Bkm0tYvkJXxOUKfXkFGKGshLW0OoTV4taeQEmuaSEw7bsR77szEo6AS7Hon%2FT9XeMlRL1ayhKLBPqXwpCz2%2FLcGiNBISUB5%2BVsUF2pux%2BvdX%2FwbD0kimpOsZS%2BqKb%2F9Qx7Niw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc592ab50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@png | 188.114.96.1 | 200 OK | 74 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 03303fe104336e0be41d4b3fde45800f 4302e15f75693baea96574ab7be5d471c3df23ff 312585a4eada041c88a65843876e7019857581236336d2619a8cf43d7208ed8f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 74080
cache-control: public, max-age=31536000
content-disposition: inline; filename="6a554770-dcd0-452d-a5ec-3582dddf7e85.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzM5Njc4LTFlNmRhIg"
x-request-id: BFc66CurKGkLeWSJn9R8B
cf-cache-status: HIT
age: 531662
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJQO2LDNR%2FHbQfilvD6eb035VHcBGa6poOAX7oqAHDdD9vaW9sXMXxNWUc79PUI4bG2Nivc3F%2BJey0qsc7QF9t3MZkar05pGKu2GO6ybB9PL6QU%2BQ9X2TDh4QcWC%2Fm0dKpcpTywHWLk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc8970b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91217.fc8dbcaea.js | 154.197.121.128 | 200 OK | 67 kB |
URL: GET HTTP/2 1win-cdn.com/js/91217.fc8dbcaea.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: a5549b0e70a8a8dd7bef062e9cd953f7 432cc357cad35b84d733e9b9fb2db9f7213892f0 33079e160a432c84873771563313e90261a2c628671c190c871baad6808f1c53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/91217.fc8dbcaea.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-33c"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 683945
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6bd31568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@png | 188.114.96.1 | 200 OK | 48 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced
Hash: 161d6f5e0266c300a7aac9a6d162ef45 0a225773bad6eb3573647a3346738b5fe60ff480 37a81f52c866b96f3d019aeff40388f1c95eba09f33e2e23d97c9e65c78a176c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 48091
cache-control: public, max-age=31536000
content-disposition: inline; filename="d2bc0793-34a9-4f39-9bd1-81da5fdde131.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzRhNjliLTMxYjJhIg"
x-request-id: DWTygCq9UTmHCwKROT8GU
cf-cache-status: HIT
age: 376721
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7bLy3M6eBqJGZt7UQ0Y96JpF29rv9khxahsEQAokKbhpc3x89mpOMkm4IPRutSYt7DQksiFvD4J57kOiYMypXBEPPZZncqcI2eBcVVMtJ9I42pZ8yihVhQK6jXOHV9sNpAXRMtFUyHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc896db50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@png | 188.114.96.1 | 200 OK | 71 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@png
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 3c120c4f236ae29a0894e41fcaf7c1e7 ae04eaa9e7e3599e982abc3133ac9253e4be5bb2 4ff00c6bbb2a20d9914b3db7bf771dd27dce080b3f3b0561a4e25a8096152aa6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 71140
cache-control: public, max-age=31536000
content-disposition: inline; filename="12d788e0-6878-4e93-aa06-f535d954efa0.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzRhMWE5LTEwZWFjIg"
x-request-id: PiTcJ1RnI7IGkFboJZyz7
cf-cache-status: HIT
age: 184772
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v1zzkTYSg6KCs2PMXFHsTbEJPqnq9l6Z0n9zsLsn2hicHnYqH109Jcmg2ZvAc%2BYdDwle3whxc1QWCZYKuwPI48l%2FV%2Fj3Rc5W%2B0eketXrVOuwXlW7a6KJ7mNZX%2FOnbI3svb16%2BGriNzs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc999cb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@avif | 188.114.96.1 | 200 OK | 6.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: ba7946b5946a908a41df921c0a8f9751 5d20cd2389f1b888d7bf5d88c23d3bfd35be7058 0fba33fb11e21d39ee89f29d703d77b856da7a8f8b0fcfd6a235618442b956a2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6141
cache-control: public, max-age=31536000
content-disposition: inline; filename="03840bc2-5b70-4d27-88f1-01637c30885a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2M2I2ODY0LTViZjUzIg"
x-request-id: 14waHRdFjk7Yj-UixhSEY
cf-cache-status: HIT
age: 22462
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b3dRDfU904IRi83cuuh8w7MnhHK2BTQX6GYQVoKMSResQ3l5m6rpbcrcQ%2BQfMGNEGHPPvEQZ3LL4h2e7IujA6aSLaj2ZvajICkvzwdY8qaoKU99BiABftbE6aFQLilEXdIhToGgCvOU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7b0356c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62692.9dadb7398.js | 154.197.121.128 | 200 OK | 8.7 kB |
URL: GET HTTP/2 1win-cdn.com/js/62692.9dadb7398.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 24505a578780ba176fb70975b1a2aac4 f2cada49d86501dcffebc8b6cfda76560c737d6c a53b70c5956ef162f37db44d9b88898044347ff26e5251f3ef12c1bd1c3df141
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/62692.9dadb7398.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-34f"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697557
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6cd4f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@avif | 188.114.96.1 | 200 OK | 9.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 7a72b727dc51e103496e4421f03a1128 3b835801c96ab4ac7ee5f151ec1f5db403c01fb5 d56c3c35f5cbc44c60eaaedc4c8378e0b0e695cf943ac1df559d9fd576bc0df5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 9866
cache-control: public, max-age=31536000
content-disposition: inline; filename="f2949b50-9afc-4594-826a-deb411c8ad55.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzE0MDM5LTU0MmYzIg"
x-request-id: n2TAnh1rIA12mxAsl-eh4
cf-cache-status: HIT
age: 80307
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iCSiVXor5OgVl%2F6cl7l088wQ%2FP776f18I5sOwrU%2BmxufUPsVFlzjMrW4e46RYy6YnSVFQ78t7j%2F%2Bt8YzznrrzDHn38swkVZ%2FcD39tV6a3LdYAVqxICSbatvbdj1PBJpsshDqwY6H6uU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7b0656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: e20df5fb08388d684bc8801acc4a9fb8 54ca86bd7f4090619dc7b5eef469b0b907718cb9 dcf430ee6b63af41fca654c0f743cdfa409c7f9d699c249c1ca4584c2ab5bf1e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8219
cache-control: public, max-age=31536000
content-disposition: inline; filename="3d6e1cf8-4e03-4d43-959a-cc79927803e2.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzMzZDA4LTdhYWVjIg"
x-request-id: GcYF6wWqWtxHVY8R_TF87
cf-cache-status: HIT
age: 557618
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2F%2Boc6calVih1Lc%2FtqInatWvfknO%2F15rtEfD23Bv08PBG1CBjd8BZLzuQZA7LIAScRqw5u5FCTR9%2B%2FMtoCZvwtd8dac98SGT6DrDP6O3XlwvOw5fNcZnYpFCFhbXsWEgaceFRtDfvCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b0d56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/78449.1776bac9f.js | 154.197.121.128 | 200 OK | 9.4 kB |
URL: GET HTTP/2 1win-cdn.com/js/78449.1776bac9f.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 19ef4042980d525ac0bc749df848c528 b97cf3734d310daadabc501cf5da9bc5158c5e8c 24623bf2ae7dc09c908fee529675eccdc9eaf27d21b42f11b1df51ed48a58ac2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/78449.1776bac9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-312"
expires: Sat, 06 May 2034 18:25:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689829
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfd7b9f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b8a5820957ff3984dac3febc7cb5f309 36dd37136ede7b24b4372eec5c5b2dc25c8be069 2c023c82042b8de25194d754be81980010d22e74078cfb000832dd41de4aa879
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7723
cache-control: public, max-age=31536000
content-disposition: inline; filename="8b7e1b16-ec13-4974-937b-011e50d6d22e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzM3N2Q1LTJiZmI3Ig"
x-request-id: Kr-ZN-xbFIeBlKeQwp-f1
cf-cache-status: HIT
age: 536064
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3U9Vxyu5qu8jUIqF6AkYNrPSnD%2BFqFwn8HulzeNmOsNFBJUAsRf%2B0fs78wfL1eGE9bL1iygiPIGELI%2B4qgNsFtpeAXkv9xJBO1CoHYBuHsYA51AP2pW6BC0YbTW14FSy2uWgM%2BDUSo4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7b0556c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@avif | 188.114.96.1 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 0685bbc7489abeda4bc5d859efea502c 2e839b5800ac1b6864bc38a8930a2edce8ab70a4 ee1f823ad77f2b43715ebb80be31a9bd79aae7580837ba9a8462209df2393924
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/7de225ca-20dc-4614-8419-5ab0f0ed899f.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6657
cache-control: public, max-age=31536000
content-disposition: inline; filename="7de225ca-20dc-4614-8419-5ab0f0ed899f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2M2I2MTQwLTMyYzdiIg"
x-request-id: UwVxUj_nCQ9kl9X9HuQ98
cf-cache-status: HIT
age: 23855
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DpYBCXIYJJf95pig0fdZIFDFdi7T2mo%2B7Ut7cyzhv%2FHGT%2BZBaZ4A6xpUCsRwiVqYFE1IANTMYhUW8VHwhGMQSpQrC32rjaWS9fDyC6dELW4EcWMgxpoJ6tGDVqenFQP5bDIGKjVVKyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b1056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fantasma.8f4e2392c.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/fantasma.8f4e2392c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4a269e2b04460c7d86c78a675acf23dc fe5e8026c11e524830d5196293dc964d157aea10 0466cd120ed6b3029931a7cc4cf0bbe9e8d9137b6b166c691b654e08eefbddde
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/fantasma.8f4e2392c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-d34"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfd8be5568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@avif | 188.114.96.1 | 200 OK | 7.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 6d77832bd366150a1ffbe38efdd37540 fd1cceaee57261b7b966313fca0fdcc5f99e10a0 e10026a93e581b30a346d7931e8a241e115988530b4d5c5307996885b95b7f52
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/37defc3f-971a-43ed-8326-7184e875e2a2.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7067
cache-control: public, max-age=31536000
content-disposition: inline; filename="37defc3f-971a-43ed-8326-7184e875e2a2.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2Mzg4YTk1LTcwNTljIg"
x-request-id: VfK_OOt2kV5ELukujnumP
cf-cache-status: HIT
age: 211065
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kit%2BOeQwD6RLW6ISD7nvP0vK1IZvYwGOGNXhDMgy8KVNYjhLoS2lpLIrQUcT%2BClOCqW7IqK45sprfRMHz0ec8M4ZMD%2BbhcbvOfEXcdZcRlwuSUEtewfsREeGgON6Z%2FdMQxErRJUfqs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7afe56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@avif | 188.114.96.1 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 460ee110da6abe45b271a96561b11336 28aff1326d1046d59b1b18aabaea1aed602030ed 2e1db49418d98db60ef58af5f1cc680026fe6304061f518056a11a64205fda53
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/fa92c3f8-7763-4b13-a314-53fc7b755939.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6724
cache-control: public, max-age=31536000
content-disposition: inline; filename="fa92c3f8-7763-4b13-a314-53fc7b755939.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzlmNGNiLTU4YTc1Ig"
x-request-id: Va-usMqR4HIjMcPuvk1Cx
cf-cache-status: HIT
age: 117855
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8D1poZdjyh52RF5AEo%2Bm0XGw9zSj7Wq9M1T64XEATtTYifYX0%2Fsx%2B4TbKlxhWLJRL7kUo7fEvA%2FzyjaCLLY9v02jpmTFwXI1o60fyB%2BZOj%2F3XX0kEqR3LpGfP2ByFaf2ggevpG%2FGV0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b1156c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@avif | 188.114.96.1 | 200 OK | 8.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: cd33de9996f051cc510b993b2fb0e474 1b334fc2170602169a86de6358ba65d8ab53d043 a5939718541fc173fb67ceca530fc0029cbc152c5870465e29facc65ccbc50e3
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/7d4ae801-73bc-4552-b90d-c8f6e3d995ea.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8082
cache-control: public, max-age=31536000
content-disposition: inline; filename="7d4ae801-73bc-4552-b90d-c8f6e3d995ea.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2M2I2YzA1LTQ0ZWIyIg"
x-request-id: GbDzJU3nHFeCIJClXH87T
cf-cache-status: HIT
age: 21319
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=My0TnjAVvJvTsOq0pDB4LiUiKygtUtDIs2fmGcjunPSnlPynyyM14KHtjVRUFuatI4z6PnPELFb8yn42NEFixWwh3nqBdIHZtfs8eOj6l2LeZCd1YxRN5d4segTiBKMMRwo%2F3ZXiHZ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b1456c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | 154.197.121.128 | 200 OK | 8.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/worldmatch.9f3d40aa7.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: f11bc996155e5f0a27695bc1ebc8e593 d9dc26566a97f6bba6a138731cac6b24ed7caf5b 1dd60b87dec168ef7db0bfbbfc9cd05cef5b5d3bd5caa6ade165700841ef2449
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/worldmatch.9f3d40aa7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-20a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 774
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc5993568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 6.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4a77fa2c19bf1113d10e046fa5826483 100aad13a771ef6818c4848cbd45b1dd02dbd30d 5f6fe51b675d405eb7e01533af622230146152f81d03b0754dd4dc9b8e88b5fd
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4266
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfd8bf1568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | 200 OK | 9.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/onlyplay.1c7a3c455.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4425d885af9d6908a8715beab3994119 0df4fa6b8a0833b7a727f16fc2a0ef922259d57a 9dc67ef77c6d63e0e0a6fcde8f56db8faaa9ee3df2aef2dc149d8bd26f2a9f5a
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4086
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc89d4568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@avif | 188.114.96.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 414ad0625e2fe72620a9903d0e050e8b 9af15f642cd99f228633188289706975cbba72c4 ea03a56698d7f1d3f26cbd8d004fd1a7f1330900b019c316af5176e74830ca5b
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/wm/969c733e-5b9d-4037-9835-360ce28ef4c0.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 4943
cache-control: public, max-age=31536000
content-disposition: inline; filename="969c733e-5b9d-4037-9835-360ce28ef4c0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDU0ODkyLTExZjA2Ig"
x-request-id: Rf51Z-ELyT3qCjxCrIaqU
cf-cache-status: HIT
age: 80262
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TgPstf3fz%2B4jElVvYEqIV%2B9TLkwTrbxduuPuss4%2BZ%2BK6Dw%2FZn%2BOo4Uu3Rh95MzfLTes6WyIQ%2FRqyOwaYwGzNs8f2imBmvcCcyWzgpXNIcDNXU4C5fsBRu0%2BbiFaEU2SYQnfzkRWFKZo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe9b4a56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/casino/list/4 | 190.115.24.78 | | 145 kB |
URL: 1wsxxy.life/casino/list/4 | IP: 190.115.24.78:0
Certificate Issuer: Let's Encrypt | Subject: 1wsxxy.life | Fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C | Validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: gzip compressed data, from Unix | Size: 145 kB (145014 bytes) | Hash: a0852e700ace4b30bdd64dcb3b37b39d 64a679f2f2be257248f3237b8b50659eec929da2 e401450e64bebdb7eca8787de14dfe2a67248cceba6311c24b51c0982a30e62e
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /casino/list/4 HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; Domain=.1wsxxy.life; HttpOnly; Path=/; Expires=Thu, 08-May-2025 18:25:21 GMT
date: Wed, 08 May 2024 18:25:21 GMT
content-type: text/html; charset=utf-8
x-request-id: LOqMSAmrl56TsEjf
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wsxxy.life
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@avif | 188.114.96.1 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: fea207d850acc74c6748dbd5b7a3c79d d95c1093ae42a0d4914c500f84d931d590c45ac4 2ab2baabf63d316fe549f875d8fec92be56837bf32c7446d66c92492767dab31
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1cd672b3-344a-4960-82e0-2e686688ef9d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6655
cache-control: public, max-age=31536000
content-disposition: inline; filename="1cd672b3-344a-4960-82e0-2e686688ef9d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzM0ZGExLTM1YmVmIg"
x-request-id: Ki1cVPAnCgaxy_l6Fk11x
cf-cache-status: HIT
age: 553460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvWEuXKn1eyq%2FlJpwdWHH7yamnqaC1v6ydguBzmh0GJ4gCczXzNVbJGG9dfh0ef6Upeg4FwG%2BrP%2F54TxLMhBJrIxWKttmm758jkFxgVRI5W2ARxxpNCsPV%2BApNc4hFHoTXNmaVTNP7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfeab5256c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/91635.a2db5f817.js | 154.197.121.128 | 200 OK | 9.3 kB |
URL: GET HTTP/2 1win-cdn.com/js/91635.a2db5f817.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: cbc2bb4997877b6e1327adb719d39942 5bae009222f25a3ddcfc9095beb1fc1f9a3d613c 5a605e54c42934479bbb69ef77a80199139e4dc7066f5334f4fb9bd3fc3a45c1
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/91635.a2db5f817.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2ec"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689064
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6dd68568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/44101.cd5168bbb.js | 154.197.121.128 | 200 OK | 21 kB |
URL: GET HTTP/2 1win-cdn.com/js/44101.cd5168bbb.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 3206e243a7a8cd25240fb7b1e33b0bd5 3bb826707e39ab0d27fb8947f9a65aa5c3a36f50 8e1fdd59efd2d482c03abc7f7bdb20a293da1d710a9ba21b19cf30a260fe33a8
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /js/44101.cd5168bbb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-8119"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 193117
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df60c04568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 7.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 0c9ae8ab8d71576a8a9d4b29cd67db6a 0a1e280da1c1b952d2dc6fc1717edc66d79b6ba6 a54ee0dfbacb48e47840bd60bffe75b3a436eed8fcf23bd038e7656f524170e5
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3565
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb1f16568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 8.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 0ed2b332c53eed8d1ae9edc0dc002edc 5e04c44bcf40288a4f811b4423ad46ce2367baf3 8458ec3b07239ca823c8bda07b84e48be786c2bba5b862b1f3498b81b4967a53
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6844
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb3f35568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/bf%20games.7559aed26.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 22376ab982424cf6a6c03025e227775b 558176cff7a4362c59bed3af93ac616971ad8b31 c9182274841c67aff40c1dc430bd8dc4f321510481d48f9bb5ceda9afcf981dc
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6691
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfcaa29568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.7c7c5049f.js | 154.197.121.128 | 200 OK | 87 kB |
URL GET HTTP/2 1win-cdn.com/js/index.7c7c5049f.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 77ca827c69026af8d09fca3a57533435 8cc8a7c337e2f65da6d56abc68ec99d3ba5c898d 49965170c51976a11c57c348e43824f4cb1b6084ec53f9ad24707a57806f5039
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/index.7c7c5049f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3128e"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 22099
set-cookie: __cf_bm=mAzY2NPjs83O0g0n_ySPdcyI5HcX4EjZNyc1xZe_ARM-1715192721-1.0.1.1-qOF1GDDc0LNyk61jfrvl.Wvx0rTkdlIWd0o9rg8uXSlV3OY5jMElRhIpKphb.2V426i0SwPd2u.v7rUvLOlCwA; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe90c568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/23008.4d99d3b0f.css | 154.197.121.128 | 200 OK | 9.5 kB |
URL GET HTTP/2 1win-cdn.com/css/23008.4d99d3b0f.css IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash fae06006b2f21390066b19fcafb0ee6d 90e7bc9a8c53763a4daa0d3c1050af86648e51ab e61cb30f629d85a1606bd382f8ea31a0fd1a8934109e660afc5bbb297027541b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/23008.4d99d3b0f.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 12:10:29 GMT
etag: W/"6628f6b5-1ecc"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 677226
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df61c1a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@avif | 188.114.96.1 | 200 OK | 6.3 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 2b30cb9e4454f3f8a5cb23c134b336ec aeb47e12a454c133f916ea033c68231ee62ee7ef bf77ca3b709aaa7efac3ae95a9e9c70575cec65bf84c448829e3ad121b6b6201
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6290
cache-control: public, max-age=31536000
content-disposition: inline; filename="4c1e97af-60e9-4cf4-a42b-25a52dc00c86.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzRhMTRlLWVjMzIi"
x-request-id: 2-OO2i6w83FhMx5UuxOkG
cf-cache-status: HIT
age: 467294
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wr%2Fxhay0FBO3sPbwYT0aVeXPwkMEQsST%2FnVlnclskWZL2Lhina6WON45kXuegtDGckRWgGb39co8shZn7%2FRLFchZdMt%2B6wDJ%2FiXsmM3UJPNGaxD0b0VagkbcuRj9h1nrRVyRv9H1PxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfecba656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c12ab272-7a02-4397-bc6d-c8621218b4ba.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c12ab272-7a02-4397-bc6d-c8621218b4ba.png@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 0545397b76c3d49b11ae68c1c5660b89 3225f95df234c5977e2506bc62c4c4615b8fd028 c322f7b0cb5dd1fb82950ed28882c4807e9e00ed386a5d309dcbcbf5b26e7846
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c12ab272-7a02-4397-bc6d-c8621218b4ba.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8311
cache-control: public, max-age=31536000
content-disposition: inline; filename="c12ab272-7a02-4397-bc6d-c8621218b4ba.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI5NzYyLTMwZTMzIg"
x-request-id: JNXgLpSln2g7p3eu3glhF
cf-cache-status: HIT
age: 74917
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVP%2FGa7p12vO2mFn7UgqXjYgHMuo1RktHH1%2FKSldfh2qpnmzP6esPUIUBEtH3y0POnY1z3qoQ6pI4NipAjjp0gqbKG8US1b3jMv1K7MGeNM4Bu3bB680TtW647GfU%2Fqa4TxvznpDJaU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfecbab56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@avif | 188.114.96.1 | 200 OK | 6.0 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash e66e2168ec6d9df0eb948498855f1a87 747259f9ad03763c78a7c7ce1b5e504f04244d46 53af102c2abc2535edd2109d8cdf9b1b446a541d16ccdc45d43080a1c2b195eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6044
cache-control: public, max-age=31536000
content-disposition: inline; filename="0e39274e-0fac-4af8-a59e-37a6d80e3e51.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhlMGNiLTE2ZjA2Ig"
x-request-id: 5KfDqPdXV9Rbq0-48wb4q
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NR%2F6q2sNT7GJyRpH1nw1IqCh594%2BlUV8mGXRwyBdq2GpWaVw3cdRwYal1AwzgT20c%2F48YJAZELk4%2FggwrJf0WkD6y7FVIvp2eY6XQ8zC4mh%2BvrVKYjDxNekD%2FLKmhNrYQ7bn7hxSCO0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfecbaa56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/39061.47d3b467c.js | 154.197.121.128 | 200 OK | 25 kB |
URL GET HTTP/2 1win-cdn.com/js/39061.47d3b467c.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 40e7a97965e3c66bbd49530d05a4c735 4f5ed8a1cd50b9c06922532d82a8e3f101bbd94b e8d1e2e55cb8b8c11bf811f3a409270b68aa5b1ba56ea31588dce7ad68614316
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/39061.47d3b467c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 03 May 2024 08:45:03 GMT
etag: W/"6634a40f-16929"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 465394
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df62c29568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evolution.acb5f3085.svg | 154.197.121.128 | 200 OK | 23 kB |
URL GET HTTP/2 1win-cdn.com/img/evolution.acb5f3085.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash c1e5f845c2e6717a1e3584a9e51f22fb 7f2b671feb12de0a9e5dd2d333c8b71caee7b287 2c814209702f35cfbf882dc63e0b36ee2d65180fa9a454359af3d7b7e6125dac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/evolution.acb5f3085.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4087
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe0ccf568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/eb2daa07-e952-4f22-a57c-65d9a38c3152.png@avif | 188.114.96.1 | 200 OK | 10 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/eb2daa07-e952-4f22-a57c-65d9a38c3152.png@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash b94cfe0c7b2a9ea85451adaac184f875 f138f68c92ec3f2458d5ba29646e53784acc3b5b b6f3a5419be9717162b00c061501a950f2b97660e4361d22d95768376bc2b183
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/eb2daa07-e952-4f22-a57c-65d9a38c3152.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 10257
cache-control: public, max-age=31536000
content-disposition: inline; filename="eb2daa07-e952-4f22-a57c-65d9a38c3152.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI5OTNlLTJjZTgzIg"
x-request-id: n0W-75dDxhTxJHvsmnpZU
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EOLU5PS8mzduLJqQx52LC8A%2FGjb2mtaqo%2FQ7E4aK2uc4lbno7o83eVD2a238s%2BZSgMk6rcXsaWGS56qu5SXe4dM5N%2FO6Sq5%2BbBckky2Wl9HonB%2FVqE7mpH27iqRXAzxkiDwu0Ag3Rgg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfedbb156c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/59242c3e-26c3-4b40-9405-9196a2eaf6d4.png@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/59242c3e-26c3-4b40-9405-9196a2eaf6d4.png@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 5f5c73c94fbb6b71ff8e11fa5d90c875 b884913b0690a60b652d290f2b03a5c7a2c56be1 3bebc77fb02d0f9f524917c2f74b80fbf33f3eee3341ec4fc96e0b7dae08b1ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/59242c3e-26c3-4b40-9405-9196a2eaf6d4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6493
cache-control: public, max-age=31536000
content-disposition: inline; filename="59242c3e-26c3-4b40-9405-9196a2eaf6d4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2Mjk0M2U2LTZiMTQ1Ig"
x-request-id: eLk6Wpyz0KFbz3qLsHCyL
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlTf6I2s9Q2ydQfXCVRPS%2F3t5sRdMxfEpuZwejBM3be2pd7P%2FgBCy9Nx5Ib7EL%2FKLfkWWh0SJSctg10aNT3t8suHMk4bkRV%2BdV8mQMfWifDHTXad6ihtXpbkDBR63nGwFveW3oMVUVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1b56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b7f02fa8-e7f6-45d1-a27d-61427222928f.jpeg@avif | 188.114.96.1 | 200 OK | 6.0 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b7f02fa8-e7f6-45d1-a27d-61427222928f.jpeg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 9cf60adfabb93d9291d72808d9a09b80 9266df015e98b530fdc2dc9d3beac1cf4c47b728 75d41b1ae144e0dfa4ca497c6740c818ab3d47e26fd399bfe942e9b3c29ec792
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b7f02fa8-e7f6-45d1-a27d-61427222928f.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6006
cache-control: public, max-age=31536000
content-disposition: inline; filename="b7f02fa8-e7f6-45d1-a27d-61427222928f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjEwZTY2LTY4YmVhIg"
x-request-id: sUMHn7sXzIPRRtvFhZZxq
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNslVWA5xi7P29blKCdEDtw5aRkfPb58su%2F1ykF6LbEltwww24zOjhBGQM7EU7bU32mPSzAo4XrUotwtUwQEBHY%2B5u2DaAjtcRp14nwX3n6sszml0hGfz%2BMgqWVImWOIs2ArSK6WVh4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1756c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif | 188.114.96.1 | 200 OK | 8.4 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 19f229b84c704888d3b7a617d4ea0d5f ead41a6984c57debbde1fdbe6820dcdd07634f99 2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 85595
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbtiAM04%2FKvS%2B3oBkNsD4E8gFR4q1xJ9bexTvEbOXxBeQX%2Bz1GkP%2FGo3pAwfXPa%2FBbKrODjXLKEV%2FZHRg8wBrBmDjBmw6x7pqy01eTPZ31bo4jut4mSUuW59%2FnOYo%2Bgxsu75qRIf%2F1w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1a56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5715b15f-4b61-4023-8db4-9a0548bcf732.png@avif | 188.114.96.1 | 200 OK | 5.4 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5715b15f-4b61-4023-8db4-9a0548bcf732.png@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash a53ccd32b6573bd5607bf7df0262de0d 5b001378ccca0734fa57f761c4e2a285ce49a037 de43ec4a13c6723c89fe3fa0953b4e335bee0318335b631dc5f2e970ca45b2c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5715b15f-4b61-4023-8db4-9a0548bcf732.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5357
cache-control: public, max-age=31536000
content-disposition: inline; filename="5715b15f-4b61-4023-8db4-9a0548bcf732.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI2ZjZiLTc3YjFiIg"
x-request-id: ol-qO_EussveIk9G0BDNi
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCxHcUXtA8rlCkDJlgEoYhIKvRvOYhu9BmWqPyhgR%2FFZfzIhsxtQBt0Opikns3Gqzwpc%2BvUl8CJRLYMpuTzoWuiY%2F7ZUnYwdyrWBnThpXOZ6LP8OLzZwXaDcEw5JMoIFa%2B0%2FHSX51XU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1c56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1885b985-c87c-430a-a7f0-59ef5e81f3e8.png@avif | 188.114.96.1 | 200 OK | 5.7 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1885b985-c87c-430a-a7f0-59ef5e81f3e8.png@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 54f58437ccfac60ea496cba4a5ebe793 901a0b135c50f1329a1d8abe29ae516bbbdf95df 05709d8730fa9cfdbb1df0003b75468271f8f8fcd9739ebb289f38d078be41d5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1885b985-c87c-430a-a7f0-59ef5e81f3e8.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5723
cache-control: public, max-age=31536000
content-disposition: inline; filename="1885b985-c87c-430a-a7f0-59ef5e81f3e8.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI2ZDRjLTYxMDI3Ig"
x-request-id: rg31sGg-oZs0VKx36nZHr
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1vuxaa6HHRbG1UqTtnUXoXvyA9ZQNO62rlPUHHNQCMiCv0xpR%2FAb8gw58TP%2FC0Nv3iRjpddgJ5uVS0ebdqOSc6F4xsveufI47qImKFgQWSRMfhu9Yhox7Lu4N0PWP2eXiYkfqB3f8G4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1856c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/30b67e65-210e-41bd-a426-9d2887fd6013.jpg@avif | 188.114.96.1 | 200 OK | 5.2 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/30b67e65-210e-41bd-a426-9d2887fd6013.jpg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash dd3a7f7de6ce70f6d60d47bcf0ac2caf 8ce7ecc9874d98bb458ae9ae27131dabb28d3b4c d233b3deef7dbac89af4ac187526357631ccf64ed72d28125381e317febfe3b6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/30b67e65-210e-41bd-a426-9d2887fd6013.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5227
cache-control: public, max-age=31536000
content-disposition: inline; filename="30b67e65-210e-41bd-a426-9d2887fd6013.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmE0Mjk4LTE0ZDg5Ig"
x-request-id: 6EVEXMcEf7IBxLdaEeWSA
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1F4zJnz7qsBBXlVXBdVqZWIv243x9E7E2NUCsguNq4%2FN%2B551peAIBheQd0GOgKUZ1ul1%2BVRChwdW7EOk5z52aQa6d%2Bx0APOfUJRB5nRBbiQ%2B9JzROhuBsj5u7udHb8Q6%2BfyDkTvAdo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc1e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/8c1c2087-5b6b-4de3-9a67-94c6593481d2.png@avif | 188.114.96.1 | 200 OK | 7.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/8c1c2087-5b6b-4de3-9a67-94c6593481d2.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: dc48ccc897f6834610509278cf6362a8 eba39a57b9b95bb8e27287e7f2c31a9153c1b55a 9fd9dfd7739f8f3c4ab6a8547248943305467a1cc79e95348fc1eaebbed2eba4
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/8c1c2087-5b6b-4de3-9a67-94c6593481d2.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7072
cache-control: public, max-age=31536000
content-disposition: inline; filename="8c1c2087-5b6b-4de3-9a67-94c6593481d2.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjdiZDA0LTczMWNlIg"
x-request-id: kK82qKLC3zcGgmB2AF2XM
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMvPJ7N4TCdG24SdkheVpEw2tisniHQf0N6iOAjHih%2Bmr7YQQtzwHtWSR46W5bQb%2BAznMHXOf8Wp%2FDeh7vVNIKD8hhkHibmRAytn6mjHxzy2HNWak3ZkzqIffPBjYq93Xc1uWxuWk9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff0c2456c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif | 188.114.96.1 | 200 OK | 5.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 3c7a3851260b12a9627faa9016f3ce1f 9df4442c906d9741c13ef21ed9eefb5f99d044c5 8b330aef0c0829a3f623aacd997fcae862db1c1b712f56cfdde0c267417d4942
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd529428-aaab-4991-a790-150cd6317398.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5004
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd529428-aaab-4991-a790-150cd6317398.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDQwNTUwLTEzNTFiIg"
x-request-id: POGVM5U7XburYgl2LOHs0
cf-cache-status: HIT
age: 93734
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeUvcsHLq7WSELP%2BT6Wfke02G8CREAKMOC1ost6oeHTrjnA%2FTYYaplKIGHvLTAH0XYF8LZ%2Brd0MLsiHtsR87i201p%2F0f5ATUu5J2%2FW%2BBKVcmbox94tZ1hetJU6VZm3zvLWDSe53uF0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff0c2756c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/f120e6c5-82c0-449d-9fe2-14404cf54a2b.jpg@avif | 188.114.96.1 | 200 OK | 6.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/f120e6c5-82c0-449d-9fe2-14404cf54a2b.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 8ab343f9fbb12ed943be50f8bf5ad424 1e4052b55b0ec9a40fb8658e1484f49a9be2bcaa a7716d52b04407d20908065d05276be7f9a62b6d3f683a6d20ae38c37b50517e
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/f120e6c5-82c0-449d-9fe2-14404cf54a2b.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6118
cache-control: public, max-age=31536000
content-disposition: inline; filename="f120e6c5-82c0-449d-9fe2-14404cf54a2b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhlYjc4LTE1MzE1Ig"
x-request-id: HhgYYLe8up1NMZ5i7IMky
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s45omiteAFpnxPIZNoaT9kADs5rDUi6a%2BJkUV4qUp1BXiMb7TXQ5D1RZfvwvoMXishguSZ6G6NCXm9L2hPEteNJrn09d85DMA8qmOTX0rozTX5PK%2BMFa2vG1q8pp5F%2BIi4d2Wo6EpN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc2356c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/ad048884-9c02-4406-869f-51fec7fbdd78.png@avif | 188.114.96.1 | 200 OK | 4.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/ad048884-9c02-4406-869f-51fec7fbdd78.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d21bbd27caa4814c123f7835b63227dd 7b78fad1d4519f683ef7692084c7ab722bbb4a2e 64a07ee8fc56d94775348f15907dfb98a6adce91427c02c622a6341d01c5f227
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/ad048884-9c02-4406-869f-51fec7fbdd78.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 4362
cache-control: public, max-age=31536000
content-disposition: inline; filename="ad048884-9c02-4406-869f-51fec7fbdd78.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhlMWRmLTJhODVmIg"
x-request-id: XoUPYEMKgOc7dSq-JHZoc
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZIIBIyf1XNXO0%2FrI2DgQH4JwrY7XWG7sA%2FBPuXVSXg51VqEfxZYambngBd%2Bibw6jOtJxmOznzG3yaDjsJlAcV82%2FzjthdgIIz2mr14L3jrNbVsC8jaD62zsjmWXAGcu5drvz8rENU9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfefc2056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0bb94da7-20af-4de5-b6e1-2de0057f32ce.png@avif | 188.114.96.1 | 200 OK | 6.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0bb94da7-20af-4de5-b6e1-2de0057f32ce.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b69bf7144e9a832bd3c9d28727ca838f 6a3f5f4185274a3de1a04deeaad9b31749bb7f60 9a96d95a76f3d56c89c7bc325e4c924467396edaba60680869482b8d790209bf
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/0bb94da7-20af-4de5-b6e1-2de0057f32ce.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6841
cache-control: public, max-age=31536000
content-disposition: inline; filename="0bb94da7-20af-4de5-b6e1-2de0057f32ce.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjI2MGY5LTMzMTI2Ig"
x-request-id: 36spCDZGZ0DZPVBxDWj1h
cf-cache-status: HIT
age: 75779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RiMg25hKtWtyFpXqf068ut2SiMzZFaKS7DiSb0mQf7xKMRivVxaijnBlSISqojBHgWBlUsdQWJZPstj1qGpS5JK%2BCopKy3gbQL62ikk4qNCRTfAsln2IpA48FdFN0To2jw3QN0jICys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c4d56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/2162e09a-d5fc-4b12-a0d2-8d192f5a8558.png@avif | 188.114.96.1 | 200 OK | 7.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/2162e09a-d5fc-4b12-a0d2-8d192f5a8558.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: bc6a73165887159804fb12d2070a869f bd7f983ae3bfff6ae0e35d9c80cf58019305aae2 f5cd26e85f02e9dfa63bf26dbc4de65f5a4778bf470bdc7f4e885c0ddb397adb
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/2162e09a-d5fc-4b12-a0d2-8d192f5a8558.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7562
cache-control: public, max-age=31536000
content-disposition: inline; filename="2162e09a-d5fc-4b12-a0d2-8d192f5a8558.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWZiNzlkLTRjNmFhIg"
x-request-id: TTUnalGkpt9soteiP7HMG
cf-cache-status: HIT
age: 39431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWRCQoamWERJsyEhXLqHKac%2FrrsdFC3mZcQJQgOEb7GcCRxxn6jEKUef7AHjL0yx0xP7KCR1svlUICW6IZrP6Wf3Rv4uFKmFVS9%2BXVTAAflis7vxfiEpx1L9FUAPpzLWkXKsx6egfds%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5256c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/52366822-4577-4d3f-acec-2589fdbeca99.png@avif | 188.114.96.1 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/52366822-4577-4d3f-acec-2589fdbeca99.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: ec228fb30fcf1883c52215d5d037a9e5 f9bcc2849c38683aa7b39b446a67f134955477e2 43693d6bce1311165db9287287b6ac8c7518fdc9cbf13c9acfa46564a2127b7f
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/52366822-4577-4d3f-acec-2589fdbeca99.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5901
cache-control: public, max-age=31536000
content-disposition: inline; filename="52366822-4577-4d3f-acec-2589fdbeca99.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZmFjODU0LTQwYmY4Ig"
x-request-id: giKujZdURtkLv2oJ0LU6K
cf-cache-status: HIT
age: 78337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nklbyr2A9oqujZeqAq83j7wCw3X7wPyo4%2B%2BHi%2FNRcg9n3LyRw%2BJYBFiPtKI9ZaES5zoQqDFdLJQ%2Bm6FBW8Z3hz9uNESls73gOxLHU0ND8ATxbGBmEUzFCTZTqj8P7%2Bz3khc%2BYMxHx4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5456c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/1c654f91-494a-4999-9e09-ff3c08a1a783.jpg@avif | 188.114.96.1 | 200 OK | 7.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/1c654f91-494a-4999-9e09-ff3c08a1a783.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 1d9ed93e6aa073c88009ded8b66a2b9e 4ed05eeb812152c0a258afc1f7f558fda36ea915 30f26fe92113ca00ca5984124557c76572f237e8ee8e771789fbc24514a41050
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/1c654f91-494a-4999-9e09-ff3c08a1a783.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7172
cache-control: public, max-age=31536000
content-disposition: inline; filename="1c654f91-494a-4999-9e09-ff3c08a1a783.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWZjNTExLTFkMDUxIg"
x-request-id: UyVt1u3uodEZrcjNouy2z
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jNrf0hiQeSMEh3QZsyyOuaQWFSFBxfqOvmq8Bd6osMH%2FdHWYiReKCtxoTrXoa4zhIFdhvd4UVgD%2FnquLqTcOPjBLtqEsV3oheq4W7R2nFyh362Fu5rmpire5rUQS94luwZMlmWjing%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5556c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ee04d9f5-101f-4b27-9fa6-d7d9869e1876.png@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ee04d9f5-101f-4b27-9fa6-d7d9869e1876.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 0247a78da5e08d8910d280281a3b2807 5958a3db6d03d476db41d4e4a6e5e8d2fcb2b513 4c62543ea4cf9751ebd9f09b353c170d93d9ed8fb496fa8a6c7d2682784cb605
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ee04d9f5-101f-4b27-9fa6-d7d9869e1876.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6487
cache-control: public, max-age=31536000
content-disposition: inline; filename="ee04d9f5-101f-4b27-9fa6-d7d9869e1876.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjI2ZjNkLTY3YTkxIg"
x-request-id: 2tcmI63YxuYXqGDvGVlSJ
cf-cache-status: HIT
age: 75779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5f%2BrXoISylTjEr1v9uj24A9FlTb9D9dt1G21J8%2BSbPqq69efcuCko5ZOz9uUDSK3WZcFpz2Ozv7h874kxDCJQUUJziOgtnf4YoHEotVAkIlD8Ya%2FZU6Os%2FK6Xc3hT6I%2FpnD7%2FqG2q%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/be82a35b-87b5-4b9c-8c62-d2aa5afa7024.jpg@avif | 188.114.96.1 | 200 OK | 6.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/be82a35b-87b5-4b9c-8c62-d2aa5afa7024.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 2bd4526708aebaa8f38fbf9994c4d815 4ebd407f529ce54858352d4ae73c5545c8889f59 814e62d5137f9338b70ac99e04202e6219061e6ec1a1122c7e24cac84b474a30
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/be82a35b-87b5-4b9c-8c62-d2aa5afa7024.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6223
cache-control: public, max-age=31536000
content-disposition: inline; filename="be82a35b-87b5-4b9c-8c62-d2aa5afa7024.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjBkY2JmLTE4NWE5Ig"
x-request-id: sStxE5o9l-RaaG-pMWYjb
cf-cache-status: HIT
age: 39431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UP4Y%2Fu3Y%2BlQvgTemkWIZkG06WeexJut%2FJg5hFVjWfJUicrG2ABrKIa3BftZYxCwEet%2B8IUHrbUg30YQp8cse65Elv%2BiYwltE92tY8y2fZm3DhpMFTtvTZZ7mtzsZV0uBz2G%2F0hEsew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5a56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/27c3e0d7-39a5-4934-9d1d-6fb182f07b18.png@avif | 188.114.96.1 | 200 OK | 9.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/27c3e0d7-39a5-4934-9d1d-6fb182f07b18.png@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 7ca2da1916091c1e95c0428c25a0654c b7b0e985402b61e327a686407f70c6b13df6b633 25de29857b2247ae6d6a42acec65c8746f18660b50a6127623b3cf6492abeef1
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/27c3e0d7-39a5-4934-9d1d-6fb182f07b18.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 9134
cache-control: public, max-age=31536000
content-disposition: inline; filename="27c3e0d7-39a5-4934-9d1d-6fb182f07b18.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGU2OTllLTZkMTFmIg"
x-request-id: TxOCSLtUdNuE7YUvaKLln
cf-cache-status: HIT
age: 76471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cz10qtBYZcUwQhhklPTySDgxp9kl6JLxz7nS9vHpXEXpHvNV7FDNURvQ%2FfnfpEjD2G%2FuaxVdN0GCM1G3ceHGBZfJ%2FlmaB5nB1oCPyJfLK992CMuMrlEHk4hNTCKjyWkmjgdhrwQozI0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5b56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif | 188.114.96.1 | 200 OK | 10 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b7211186098c84cc373b72baacfcf8e2 fb785e9766c27312a5c9d59cd9a172d36d9a13a7 bc135b2c5d0910381da869cffd789b60072b1c6984ecfb027577588fa4722c18
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/e2d2b78f-c755-4757-90b0-f2632ab94445.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 10399
cache-control: public, max-age=31536000
content-disposition: inline; filename="e2d2b78f-c755-4757-90b0-f2632ab94445.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjBkZjc5LTIzYjlkIg"
x-request-id: LtTGvFBf79vjlQrLxbBar
cf-cache-status: HIT
age: 39431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAVPljgraWwLs0nPSyBI%2BF126RrMT5KOQPPcYo8wSGEhdcGCekDFNk9wqEXa%2Fhl6uxt3x68q8veY%2FjfRpIfC8AcJTkG5vJav6ayBv3dtoXUEkY%2B4Dm%2FOcbJLLiekhEacnlkMhKYsLCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c5056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/3aa2926c-204e-44dd-b29e-a2b4a7eb2ca0.jpg@avif | 188.114.96.1 | 200 OK | 5.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/3aa2926c-204e-44dd-b29e-a2b4a7eb2ca0.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 2f3326e9782fbd483d5365d96de136fa e5923a981e4cc92ab603654b8477bc50a76fa8d9 702f7584628b34c4ff5f0cb5f6b22e43bac993f0d46e7d33279a3db8ee65ab34
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/3aa2926c-204e-44dd-b29e-a2b4a7eb2ca0.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5421
cache-control: public, max-age=31536000
content-disposition: inline; filename="3aa2926c-204e-44dd-b29e-a2b4a7eb2ca0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGVhMWVmLWRjNTMi"
x-request-id: T9mkih8XcMGEouaByO6uB
cf-cache-status: HIT
age: 85219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Un3uuSJxybK0N6ct1YntEMqBGfhZwqtsGouE0%2F12EdZqBxNX5aK%2FaCgKTdRbOndTNsWQbbbh%2BoOsg%2BD3mPyU7RkJwjys%2Fp889PA61KZienCE2AtAznSjQ%2BnXrXjUXwwgBZK7d37A4L0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff3c7e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | 200 OK | 7.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Certificate issuer: Google Trust Services LLC
Certificate subject: 1win-cdn.com
Certificate fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 05a5215fb58ee982a06812a01f90b297 f5670d6855574e00b4086b6a28a3291f4ee3503c 0220cb9b83247ffac2491ebab2397cb21b4530ce674a1c2b58f997feddb43c9e
Analyzer: Quad9 DNS, Verdict: malicious, Alert: Sinkholed
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1197
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfd5b54568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a151333-79a3-49a3-871d-0d15b9871ea6.png@avif | 188.114.96.1 | 200 OK | 6.3 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a151333-79a3-49a3-871d-0d15b9871ea6.png@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashf66300d123f0f34aef74b40d88edb811 daf97ed8ccde34c6962f6f9f979ecbc4b7524195 bd8126951ad0ec051a2fe9c19e74c43ca0ba9eb936591ca5c8441234d22b410d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/1a151333-79a3-49a3-871d-0d15b9871ea6.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6318
cache-control: public, max-age=31536000
content-disposition: inline; filename="1a151333-79a3-49a3-871d-0d15b9871ea6.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGVhNTI1LTNkZTZiIg"
x-request-id: 9lJbrjXo2whjtkKUmQTqe
cf-cache-status: HIT
age: 89640
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hN68eEIwcuv0jUizjN4LUMqk2GNljGHlEPvbB0M242hjLIEbbDk9XKc2ppsxJaECWWPCDs6%2Blo0K%2FtBc55EJ4Y5IkhDXeGrroaFQBW3N8zelI763TjKYIVA0dL8JLo6G%2FrtlhZVO6J8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff4c8b56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderspin.2d11ae63d.svg | 154.197.121.128 | 200 OK | 89 kB |
URL GET HTTP/21win-cdn.com/img/thunderspin.2d11ae63d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hasheed567df6fce629b9ccf8aacd9065dc1 62676e5c943886a873fc64da5756ce695d841138 d7e79a1bc432c6aa503c723b740b6d7c724e78d40089fb8783ee864a60ad7e34
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderspin.2d11ae63d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9d8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e023d3b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 92 kB |
URL GET HTTP/21win-cdn.com/img/igrosoft.69f8e3ca4.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashd72409fbb35a96905391e47b38d3e6cb f2822f69d2265a74d5a3381cd2b79fa3b1d8ad9d 0ec3b68b86eab961740a6ba28c5409048aa64b2c9121b41be6c9e5e8bb73fe1b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e016b5a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 75 kB |
URL GET HTTP/21win-cdn.com/img/gameart.7beff0d18.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash82c9e41bdb9d1cb34a43942dd4fe3640 52bcff6b442c3f5eaba279b6dcd068337ba80e0e 14426538b830b4f4bd3107e39ededc5458225e5dbae4cac80724048c741a7b8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00da53568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gaming%20corps.5c3f3647c.svg | 154.197.121.128 | 200 OK | 4.9 kB |
URL GET HTTP/21win-cdn.com/img/gaming%20corps.5c3f3647c.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash1e0ad44b1024f87f6c847d4e08ce99f3 9beb534d028aa8caa182455e410b3ee5f55d3836 8da311b2da16752d8b3d20a069f83e2dc4ecda177fb9d8b74232f4749d6ae0bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gaming%20corps.5c3f3647c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-790"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e011abe568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.99 | 200 OK | 204 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP142.250.74.99:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (632) Size204 kB (204445 bytes) Hashadd520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:27:37 GMT
expires: Tue, 06 May 2025 16:27:37 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 179868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET HTTP/21win-cdn.com/img/evoplay.cfa676ca9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash55e1bec7d8f6d5a6b08ac031391ed719 797a9bb780a896b753986e4cd665238f94c11521 c2a5d345e10e5eb7697e66262f335e9eaecd3dee28e43b0cf4237fbc187e0067
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6692
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00ba16568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET HTTP/21win-cdn.com/img/aviator-game-logo.2fb50dc03.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash727c23533b996dbc4585bc0de2dc8017 f327a7c79f8169b7bd5169f725745ee91976981b d99039d9b81e8cb44efd3a060ce89fd1e66af93bf0ab1d7acd8722de004c5e70
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6691
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7d83b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 453 B |
URL GET HTTP/21win-cdn.com/img/netent.95417a961.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashb14ee9f6087bd4cc055ef5f01753da38 d43101e8319dfd91428cbf1ac1b1cbad42c2eb8a 0a252f06a342b939dcb707a6289219e898eec00b36b49375aaa2486f40fa9c34
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4080
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e017b8d568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/nolimit%20city.5b7440267.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/21win-cdn.com/img/nolimit%20city.5b7440267.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash9af744c0b558d8c6c8abf3f4ba6feed8 16de34c424808afde3a3c90a3c71bd10be5c8f0d 11384bd86ba06cc1a74708127028b80018fcb7415600f381b19f1c720d112ed2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/nolimit%20city.5b7440267.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-693"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6844
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbb856568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/turbo%20games.0a45ae56b.svg | 154.197.121.128 | 200 OK | 470 B |
URL GET HTTP/21win-cdn.com/img/turbo%20games.0a45ae56b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash305e1b3c6dc545232bb5ac0c01539ef5 7f34efadc68fcc787edde99c9c3ee77720258b6b 67dfc792f5dcdd024832cc16917bd305ba2f78c72712e0193b88be487478a691
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/turbo%20games.0a45ae56b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-416"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3350
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e024d45568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/thunderkick.6962312e1.svg | 154.197.121.128 | 200 OK | 9.2 kB |
URL GET HTTP/21win-cdn.com/img/thunderkick.6962312e1.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash4c967493137775052145d4b152d4d110 d0b8574ba2dac169d6616de933f138b08ecabd19 19a0b2797d088e13431ca297cdc7c6c19dfef686a687ef954eb3d21e09a41edd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/thunderkick.6962312e1.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e023d33568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=casino_game_week_view&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wsxxy.life&tfd=9364 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/3region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=casino_game_week_view&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wsxxy.life&tfd=9364 IP216.239.32.36:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=casino_game_week_view&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&ep.device_type=desktop&ep.platform=web&ep.os=other&ep.domain=1wsxxy.life&tfd=9364 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wsxxy.life
date: Wed, 08 May 2024 18:25:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/superlotto.0b2069aeb.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/21win-cdn.com/img/superlotto.0b2069aeb.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hashc4766b59a73b0b0ceadc87a28b3ed30f 9204878ca9263241f70d0775688024b5c2c076e8 10c6e610cb548d44f2a4e65291a4263d6dd92fbe92232366e6c77371d11bcc62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/superlotto.0b2069aeb.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1b55"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e023d2a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamzix.c753c377b.svg | 154.197.121.128 | 200 OK | 8.3 kB |
URL GET HTTP/21win-cdn.com/img/gamzix.c753c377b.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash4a041fef090ca6d8617258121d8493eb 1cead243e6285cc8d7e4bde55865fb783cc993a4 63705c2f2da12dd11bbdd7633a5e9aaf5272d70881fe63877a3a2e9aeb2ac611
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamzix.c753c377b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f3b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1995
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e013b00568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 8.8 kB |
URL GET HTTP/21win-cdn.com/img/gamebeat.5649e97f9.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typegzip compressed data, from Unix Hash19a58ec2a4f87644051d9e13726b2179 e6553db2d0bf40debad985c3375fc2ed2f452ab0 7a6202eda40173a68f3942d50e96dafdb32ae21791ee53dc306d8521ccf8a406
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4669
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e011aa4568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png | 188.114.96.1 | | 230 kB |
URL GET static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png IP188.114.96.1:0
Requested byhttps://1wsxxy.life/casino/list/4#7s9r
File typePNG image data, 1508 x 488, 8-bit colormap, non-interlaced Size230 kB (230270 bytes) Hashc45a5f023592d6b869a1a41216399dc9 280d32d02ad142bfaa08ae0bdf4e7812d2336b9e eb3288d5ba136f10c1e3ecd675b8201eed039099f751b3df152781cdffd78aeb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:42 GMT
content-type: image/png
content-length: 230270
last-modified: Tue, 13 Feb 2024 22:31:26 GMT
etag: "65cbedbe-3837e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRypR4byCJdJ8Oa6%2BeZxh9EmgSgyYxfaq0lrbmKP%2Bv0Gxma2gZM3b216rjtaNvZ6Rf%2FWKl%2Fvi3G066%2BqeOqA43bkvOGAjCh%2BhFobYaHQzVCdLa1qSa1J7pKc859Kn5VOXiyLKSRT2rTxaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e6e5e5e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/genii.367222bbe.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/genii.367222bbe.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix Hash: 07a1ded3abb8f7a12f9d4b8d1df4ba92 8a2168ce56b97c15e23dea0982329682b308b163 8d97cf7b66c5223bc5ab749f864962541bbf61d35b3d829cb0d8aea12fe7bcd6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/genii.367222bbe.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-ecd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e014b1f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| location.services.mozilla.com/v1/country?key=no-mozilla-api-key | 52.24.210.222 | | 48 B |
URL: location.services.mozilla.com/v1/country?key=no-mozilla-api-key IP: 52.24.210.222:0
Hash: 94bc553225a6cddab963f4053273b388 57ffc8bd333dfe0bf3a05a5945ee15f9c15b0672 977bc9f6239939e6e0a2682325098f1bf0109e1450f040536670acf0f8798cb6
GET /v1/country?key=no-mozilla-api-key HTTP/1.1
Host: location.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none'; report-uri /__cspreport__
Content-Type: application/json
Date: Wed, 08 May 2024 18:25:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Length: 48
Connection: keep-alive
|
|
| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cool%20games.019d15340.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: c3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00a9db568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.78 | 200 OK | 3.9 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png IP: 143.204.42.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Amazon Subject: *.cloudfront.net Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced Hash: 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
date: Wed, 08 May 2024 06:42:58 GMT
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: B-O1xOpev6VWvxVxxwvc8Rdnjtj9jianHJlricucax6zadU63fZ4tg==
age: 42148
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL: GET HTTP/2 1win-cdn.com/img/speed-and-cash.dffacd6c5.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 3c62bcde419e822cfa55d45a05fa112d 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6691
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7d83a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 664 B |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (682), with no line terminators Hash: 2e216c1b879ec285c8c32567174c9af4 e1e1af06fe2299d4a230eb5467395ef6bf3354cc 2e286b2372f85cadaa903f3189b912a18def9e9c561f6b4121af91682164cca2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 690367
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df81915568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0099ac568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2gaming.00302c7de.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0038d3568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/img/boomerang.413a98511.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: d37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0099b4568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onetouch.b026a50c5.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/onetouch.b026a50c5.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: f04cb7d15621db8eda5af2216a4f824f a0aa7231bfbe4ddc48be81716c3b31ba5c1702ec de4ec671f76aa1afb93d074c5ea3b64d3d759cf404a142b359be0d9fccedb84e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/onetouch.b026a50c5.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-95a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e017b99568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/salsa.8d18d113d.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e020cd7568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boldplay.70a46bd71.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/boldplay.70a46bd71.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: b9145dace81bbcbef7d60609e72c9c63 c182aef9dae96fe22563e38cf8ad0bd5cfb9f588 8efe8d59068c4a443da7fca222bf01d3a94a01db7c7ace4463c434ff0aa93235
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/boldplay.70a46bd71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-123c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0099ab568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/100hp%20gaming.8352a77d8.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 4ed7fa45e0933ca6d981ea7fdd5e86ad 9da697d8f40394da2cc17c0c82e73cb1130023d3 619d6f72aec387dbde0c96adf91a96436c6c496d67a67841a4058fda6283210d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6692
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0018a2568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/bet2tech.41863da88.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 37036b9327cf2f08f10c828a969255cc 110c9e121e3f79982f785db63213d01a94faf4b0 13efe39819f6ca0b2ae3ceba64c239738536fee39cd1d6a4a142079050975f2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6045
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e006960568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/oryx.ddc50c514.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: be6fe09456c38389975b47be1d6e664c aa63088e5bb8604d301bf747e760f3fbb47cca9d f8822aadbf4cdec8d633d4b6e8e4928dde87a143cf57d6d9f018ffe50809f1b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e017b9b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL: GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators Hash: 53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697557
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7e85f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@png | 188.114.96.1 | 200 OK | 64 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@png IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash: 36667d2a890aec7c9bdfab3695c5a28d 4b274856fb338e65a155f39597fc73f1c061f80e 6d7ab9181b43b860cfeb5f2edccb8e9ff8e104c35ed3e844650481fc4fee9f27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 63847
cache-control: public, max-age=31536000
content-disposition: inline; filename="db263120-c8bc-4660-a79f-3e018e1b4c8c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzM1YWVhLTc3MmIyIg"
x-request-id: HfR4ulRa5-QJ80cXX0zJt
cf-cache-status: HIT
age: 546881
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WyHwWRKc%2F2E5Bf4RYovPVUtqgmBhnYO7d6jZFIMpwUGRJrctZjgaV4%2BzUG21tDDkkUwC8xQ1qzCx6DSXIj5wfa317Cdnu%2F9EeA0t8dqmkrpVbOjkP8daC7iJ%2FA7UnNAakkuvnmm6Tyc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb3ebab50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betgames.f9572e26f.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/betgames.f9572e26f.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 22c1b0dd1e37b9c443eda963fe76d96e 7cdb9b3ec3c095dd657c2bc18489b00fc8f5f7fd 058002db89099b878d2fceffc78b9bdc47a5c5e990ebab7af3d1a9bac806a4f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betgames.f9572e26f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-beb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3350
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e007966568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@png; IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/upgaming.242b9e921.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: aeb4cc1caa82c4f55b3598ea0c7003fd 8c1eec585578ba1c3803b2d6b724d67cb8e3de25 236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e024d5c568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@png; IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/atmosfera.32402e33f.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00592b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/netgame.8e28ed366.svg | 154.197.121.128 | 200 OK | 2.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/netgame.8e28ed366.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: f7a27f15353cbc6d80464cb321e6f7cd 8e9d03da3c5f00a3a228b545cb8759e837059323 c7829189320f0892562d94639b839e69ab98bc4148e5827a634127bcc2ba9740
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netgame.8e28ed366.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-b65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6503
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbc88a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@avif | 188.114.96.1 | 200 OK | 8.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: ac0c0d08aea9196d9f5e20fae8267dea a2e155c3ae14804811df161020868a34a241e8b4 1d8720872fa3bb1436ce54331b8e9f6b1945bc353e01604cbb9def2a851ce482
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8872
cache-control: public, max-age=31536000
content-disposition: inline; filename="9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI5M2IzLTI0OTVkIg"
x-request-id: xH5L9YRIELAUAqycKtC5a
cf-cache-status: HIT
age: 42506
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9U7oi2SB0uieH%2BLJCp74HFuVTdXzjjObejFTpv1SO%2FiD20Q1Hr4dH6%2F13QxADkpHDE5xMZscrmUXsyNpyeVdr4%2BXQdJ8%2FSW0irC3f1nqyT1UYv2Jfjtk6v0NTLIgInY2t1sEskTQR4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7b0856c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js | 142.250.74.132 | 200 OK | 850 B |
URL: GET HTTP/2 www.google.com/recaptcha/api.js; IP: 142.250.74.132:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: www.google.com; Fingerprint: C6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99; Validity: Tue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
File type: JavaScript source, ASCII text, with very long lines (850), with no line terminators; Hash: cc9da74bc51547f7da14aea584e7bd4e cb70339c904703d3a88777889e63b867a04ab2d1 9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 08 May 2024 18:25:23 GMT
date: Wed, 08 May 2024 18:25:23 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@avif | 188.114.96.1 | 200 OK | 5.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 5df86874b73ee88e7502862998d51a6c 8f971e240b106a405b226cc630aac91f68e65441 530a54b42ea94788526dbe50828df1fd3cb676dd857b1af4e101cf769ad1f05c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43f0df08-b4a6-4f93-aba3-5719ba5874ba.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 5777
cache-control: public, max-age=31536000
content-disposition: inline; filename="43f0df08-b4a6-4f93-aba3-5719ba5874ba.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDEyZDViLTNkY2RhIg"
x-request-id: vCKlSJc_vFdtGoo2ZZvh7
cf-cache-status: HIT
age: 92005
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VKKqze0FiZ8nrMcWrWSSlP4dEnmHd%2F1vCUh6521I%2B0T709cA5yJCLQ46zPacdjbHYAyNJ2x9hV7Ft4Ahugsya9JCt6Is%2BqA1RSwqtZ6tdTFhswwbhjsdtqIx%2BL%2BlQyZ%2F0BOocIGa21U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe9b2956c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: c9f80a2b67be40ab5401282dcb73de14 7a044c3c030282bb328dcb0e997f4a5f01a4ee31 22209941fc0d1004e53d884eb9e254bcdcb318600d97375fccf29f17d6e4892f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/b2994f98-b0bc-47f2-9e30-c9589458b956.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8235
cache-control: public, max-age=31536000
content-disposition: inline; filename="b2994f98-b0bc-47f2-9e30-c9589458b956.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI5ODQ1LTJmMGM3Ig"
x-request-id: -uqQjjJJokUe1gJl7Ejq_
cf-cache-status: HIT
age: 75865
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eSXB%2FqwzUHptjKHqIh5ESp7Pa%2F3jOpJyOWfiIRmzaTr4J7QcEkMZqXN1DSxtiQ8F7VlSMv1M%2F5C%2By2E9YQnp9rWgpfVf96dWI%2BGy7QZ%2FlVM7bD%2B%2F4bdqyrCg%2FaBKqaf0lO%2FbO6mPQX0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfecba556c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win-normal.34748aac6.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win-normal.34748aac6.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 6a657a7851fa92f791304f1cdb123e9a ae2def67a366ffe67578bf82e3c47b4f1966e784 8443e4838f78a5ad2efa628846e3337e1cec32b94cfce323eb25f2e97989a02f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.34748aac6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1221"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4574
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7bfee568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/endorphina.20b721ba6.svg | 154.197.121.128 | 200 OK | 7.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/endorphina.20b721ba6.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: a89aae2f962bcb01ecb8e3ddd113b797 706e09d5fa8312ec4cd3c7ca606ad19edca158d9 3a3f4f70b1c092a12634c8a8fbf3409fa001ee6d9a1eed7f0a3a5cfe5866dd6a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/endorphina.20b721ba6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1bc9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4086
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbc872568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 | 154.197.121.128 | 200 OK | 18 kB |
URL: GET HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"74b7-O5lLwIV3AVAG3EviqB76JwpSFrs"
vary: Origin
expires: Wed, 08 May 2024 18:25:23 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=AxGWJe38R0ckNzevptPxMQpJVkivWk899ozkb3XFkUQ-1715192723-1.0.1.1-WaWeIHkIqFk6vpKhdJTM9HWTBiFtJWaYZYN0a5MmGURDeATWGTc4m.S6gQ8K9CBD5MdRZGR16QsIscgdGge3_w; path=/; expires=Wed, 08-May-24 18:55:23 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 880b7df8a8db5699-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/quickspin.d9067a98a.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/quickspin.d9067a98a.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 2981087d9047df84f1f173886d7f2353 27ee3db1546e61fb1042fe15065f39266f85bcc8 5dcab82097da033050612cbf50989d6cc9d2fe6823af9c8ea82affdc504e5a3d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/quickspin.d9067a98a.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-954"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01ac1a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png | 0.0.0.0 | | 0 B |
URL: GET 1win-cdn.com/img/500_i18_bg.d251a9b83-1508.png; IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_bg.d251a9b83-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@avif | 188.114.96.1 | 200 OK | 7.5 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: cca7de2f4c0331203440d22d9e53025b 620b9e1260ada674b3c5c61224eee105d0ee03e8 fc6bed134e0eb89e96d392bcf35d1843f2dabdbf205aaf87925c2492931d8aa8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/504da159-fe8b-45f0-a2b5-90ac16e8263c.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7546
cache-control: public, max-age=31536000
content-disposition: inline; filename="504da159-fe8b-45f0-a2b5-90ac16e8263c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZDhhLTdiMGI3Ig"
x-request-id: q2V5Eq0PnZXH0zRCbB4eR
cf-cache-status: HIT
age: 85320
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ImKwWbIQJN0MxNgorn3UWdBQfRFksiZxggw4616wxESCzfToqrGHZRtq3DFLK2js4j7M7Jopw49muEHxtHjcb3fipI38m6OnjTYqHnzIaXaZ%2BHGT%2Fp7nwMy8YxzNHZxBHkTFRWk0pCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfebb7156c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/edict.ca67383de.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 7794e14088c92dc44e186b65dfd0782b f81ec0b93e38339b2e2f8f94d2f7c568b8943fff c7f35f1baf838b1d2df12f6f0c9ec002d9fc4f57fcee414b74fad3cabb71864a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00b9ed568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spinmatic.f74cf69af.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 12c6733c47b71d93b36447dcb999d080 f6440015ef35215d9009b4f08340145df1f7d9e1 fb365d3e4d36a26db4aae3e00690d0b35f5289b5e80c371ed687b7239be22f07
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e021d02568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL: GET HTTP/2 1win-cdn.com/js/icons-pack-casino.fd47961dc.js; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: caf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Sat, 06 May 2034 18:25:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 694649
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff4f0a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/leap.f4cfad944.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/leap.f4cfad944.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 9129fc106fce1317a16bb3acbd708de8 64dead6ad9646ce68218ae82cf9d369811d3b88d 993824f1fe4aa4c5c4132998d9b0a11fb719a92494f86e32d015a980473a59af
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/leap.f4cfad944.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-99d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e016b75568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.74.168 | 200 OK | 366 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7; IP: 142.250.74.168:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Size: 366 kB (365772 bytes); Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:25:23 GMT
expires: Wed, 08 May 2024 18:25:23 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 106240
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@avif | 188.114.96.1 | 200 OK | 8.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 49d2aff62a5f65af8f21520b8b5ad048 53daf9a734a49ef492e912c320d5ec7a16c69b74 1cd2f877a44df91f72bc7697fbbec47bb4f7b08545494a8985c4e45f3d491810
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f51cce21-58c1-4eb1-9007-4479643090b3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8822
cache-control: public, max-age=31536000
content-disposition: inline; filename="f51cce21-58c1-4eb1-9007-4479643090b3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2M2ExZjA5LTJlMmRmIg"
x-request-id: DTGprLR6oKtjcbQSQ5vTF
cf-cache-status: HIT
age: 102048
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELsJFTlVDoznHkGjLuPcFzXr99XCJpsKkx%2B7Mp91MxYGpc8RK%2Fck%2FKIQTklNhxs8NCTL7Ma7HrxTBnAnPwK4O6iE5jDqXVObVeSwiEroXHL4UIADZIFI4QKHWTn9JTFMEA2N2xIl%2BxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe9b4756c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/smartsoft.d4a2c90f3.svg | 154.197.121.128 | 200 OK | 4.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/smartsoft.d4a2c90f3.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: e363d734db0fb177f2d082d5ec933b2e 21840bbc0a0843627d204818be4abba494436a12 ba8913cfda5417b5d2d8015dd340def1fc7cec97a5c875ba14590a044a5daa53
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/smartsoft.d4a2c90f3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-112f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4066
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e020ce0568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/js/38209.ce0dbb534.js; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators; Hash: 8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 684711
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df6fdad568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playson.2ff1c7d85.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playson.2ff1c7d85.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 241ae7d1512148f38162202a1838bcf7 7937917d26b57052c052b0cce94f5d1697c8caa7 a6bbee3377db6138a13bd0bd2bc21f778d1f5744a38653efe4acb48d8078367e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/playson.2ff1c7d85.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-ae5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01abf3568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 6.2 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (6186), with no line terminators; Hash: c218042c31114bc4c7a311d8b19cb43e c6e84556a091c219daf13d98091e46a6623b7b5d d9600b9cedc5ef763fc5d021974dede1a25f1449d2b42d496044932ed716edf5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697956
set-cookie: __cf_bm=uroKH2vxmhZCCPyDG5cZ._BgfGwq8DcotNCdSfRbKYo-1715192721-1.0.1.1-Sq1BuD59QQ30I08.W0lph95AY8uVQlF_EToGZ3jc8pTTK0UcezqHND0bA2AGvK8kZFTh0FQpfCvlC87xONLEYA; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe900568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/57460.093f52cba.js | 154.197.121.128 | 200 OK | 438 B |
URL: GET HTTP/2 1win-cdn.com/js/57460.093f52cba.js; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (460), with no line terminators; Hash: 6dec8ed713dfd3300ca7f2907fe2f259 a467664dd1f209c8b7360ae5088144073d4b6272 a359d5ee11e7b5c08922355687a9b639fb2d73f1a259db499e935d49dfba9386
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/57460.093f52cba.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-1b6"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 694687
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb0efa568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/belatra.1e7508387.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL: GET HTTP/2 1win-cdn.com/img/belatra.1e7508387.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 3a3db4a05ec45ff249ff2330cc6131d9 d4e82a85d11863ae6e91cf542676f8ed0dc5a130 356a6b1e0c2826d245756e52b8505d57e4cc1d2059957fe6fa4b4c37ce6754ff
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/belatra.1e7508387.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-13fa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6045
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e006958568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif | 188.114.96.1 | 200 OK | 4.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif; IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d628c0ddaa84c22e5e28c7f05e2badd5 43a3d8aff9d0cc1ffb87c7f1ae6ea1a34b68e51e 46debe0231b7815549872a1a81e09374c40db5a3e6ff0d23cde4a1d5706e3be0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 4938
cache-control: public, max-age=31536000
content-disposition: inline; filename="a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI1YzY1LWJmMTgi"
x-request-id: hfX33J938_EHQRn2jKmaI
cf-cache-status: HIT
age: 76727
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FNjV%2BhIbHzY7Ir9N0yu9OVYAYXANGGyurYrOkWxwVFQeKvr23EIlx0gYq%2FbYA3tInAFQXq0rgqZYFk8SA2uZyPAVAnBdaiOqO5C4s5jAzsXuO3Dn3AcE6icWrYcpI9NXxHjfDtb7yY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff3c7c56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL: GET HTTP/2 1win-cdn.com/img/silverback.297288e25.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e020cd9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/flags/en.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3577
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7bfed568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | 200 OK | 15 kB |
URL: GET HTTP/2 1win-cdn.com/img/red%20tiger.157f419e2.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: f0a8d4ae6c95b6d6b2b0bbbaa62aad9d 9ea188283d324f5c87a802c14ec3386167e7e2a8 4572ee67d26acf1ccb35decf47651e67464a7dc0a438d79c721b9ba739f14d2e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01bc22568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e021ceb568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL: GET HTTP/2 1win-cdn.com/img/7mojos%20slots.c8ad63b4f.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: ee7f334d83ac78ee94aa7cb499a7d252 acaf3f1ec2dd643c920f036bceed9922c4398d9a eef20c5785f1ea1445bc5d54982011d999ae577a2d354eb7035465336ad1555b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/7mojos%20slots.c8ad63b4f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-233d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e004905568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playtech.cecac3222.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/playtech.cecac3222.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 54cb545ad750e3e670cc7cfaed81c2d4 f808d9b539d13d64c4b405da4dca9b0db732b87e 2bcda89b73c859c34d62c330205d603cb247ae31b00e987f3c3bfaaa3ba2a64e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/playtech.cecac3222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4669
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01abfa568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apollo%20play.610da8846.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL: GET HTTP/2 1win-cdn.com/img/apollo%20play.610da8846.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 50314c7ffb9d11a02d2c58c66e124e29 3ebfb6e02132e3281c64e7866a621fc9ff43678e c6073fd4fbb0239b24f30fc4d2e90e2d34060adb4854b0b3eb34e5c0e363346d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/apollo%20play.610da8846.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-158b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2098
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e004918568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1x2%20multiplayer.00302c7de.svg; IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r; Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image; Hash: 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/1x2%20multiplayer.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0038c5568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/21758.dae54c10d.css | 154.197.121.128 | 200 OK | 31 kB |
URL: GET HTTP/2 1win-cdn.com/css/21758.dae54c10d.css | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (31262) | Hash: 042184ca7fa3adf2a29c3de64253e215 321e3142ce096f24515bf9c5699fda45dcc5e76c 672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 193124
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df26d2b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@png | 188.114.96.1 | 200 OK | 43 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@png | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced | Hash: a4184fca63a42e56210aa189e48bb456 157c657bd391974da91c75b5c8263e86ff7a3b04 cb01f6f90cb9b29b1d6953a4e8a7b77fffe5822a66fc8739588ae55eba360a7b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/8b7e1b16-ec13-4974-937b-011e50d6d22e.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 43212
cache-control: public, max-age=31536000
content-disposition: inline; filename="8b7e1b16-ec13-4974-937b-011e50d6d22e.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzM3N2Q1LTJiZmI3Ig"
x-request-id: mJp6ixmPsKqDHbLc6UK6f
cf-cache-status: HIT
age: 541277
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BCJPgOJypTKzPI1sGzCCbPS8cpyUfFvN0on1qHSXRQBG1PxG2FfQtU%2F53VVG%2FKnjsBJ5ZM8mfkxHYmRDp%2BEeGeBcBy9%2BMAsJxBD1mCpGf4%2F6VdA%2B%2FKKZ6Gk5yosZgvrGzZHwmcdjkI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb1e8fb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@png | 188.114.96.1 | 200 OK | 60 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@png | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced | Hash: b1114eaba3490c2714ed078040315300 b8c82810a527eb4687d0d31d3b01acfe5f2bf98d 615c9f25946b29cb04ada73d21687204757e576f1b4ec629ba9f92eed65cecd1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/3d6e1cf8-4e03-4d43-959a-cc79927803e2.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 60190
cache-control: public, max-age=31536000
content-disposition: inline; filename="3d6e1cf8-4e03-4d43-959a-cc79927803e2.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzMzZDA4LTdhYWVjIg"
x-request-id: X5E8GxbH2cl0GfEc6zHbs
cf-cache-status: HIT
age: 39779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BEatz7MepCM1KfUGp9htlIwiThavkuLar4Roeyh%2B1cEYfKSMLr97WT5dJsvTwOSyRoMwN%2Bs2g5IMgDoiHuw1mriSQSEoJPGf%2BYzIdM%2Bl5wKQiyE1JrFTN1O4ul4Pm4Y2QRhlxTl%2BhqM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb5f02b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@png | 188.114.96.1 | 200 OK | 74 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@png | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced | Hash: 99f30f8323bb56eace4c381612401d4e 543c33c70b694b08d96e7902dc8b94e248df1b27 a7dc00febfdf078256396b59cc0f386532763fd8c21d6a3091f9894297a88344
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/f2949b50-9afc-4594-826a-deb411c8ad55.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 73517
cache-control: public, max-age=31536000
content-disposition: inline; filename="f2949b50-9afc-4594-826a-deb411c8ad55.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzE0MDM5LTU0MmYzIg"
x-request-id: ckWQ_OEB_RCdcKE5-J8Uh
cf-cache-status: HIT
age: 39779
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uewSiH%2F%2FpF3eR3p4INI7D4dS0A7Fgikd1PMAyZJNvODdUzXqSxPdfVUZslht3xRIfnP6Mj6AVwkOna5hcp8MeTHvcNecD4jYIs%2BGXdHS7uX6bnBb8wzWmpFCrxI0vKKWWAmUKAbufYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb0e74b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL: GET HTTP/2 1win-cdn.com/js/20420.30b3c996e.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (591), with no line terminators | Hash: 41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697955
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbe8c2568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/caleta.b1dc71f69.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL: GET HTTP/2 1win-cdn.com/img/caleta.b1dc71f69.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: bbba19a0f7e2c3b02a8ca7d7c833eb63 5dd340d9cc4c395174865b155829f3054fb29275 96061a9a0bc3a990d16e91b8c52ca6436dfde7223b3e9741bee8a772f4559ccd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/caleta.b1dc71f69.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-518"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0099c6568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/48430.9af74daeb.js | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/js/48430.9af74daeb.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1192), with no line terminators | Hash: 13ee598a8e47be5a3df2543dc3171f75 630992d944c63ecf139694eb2e3e5ac0047bd23d 602ae541f8651417c75bee8a5666440303481bf090e791bad62894339350c339
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/48430.9af74daeb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-496"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689064
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df71e1d568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@avif | 188.114.96.1 | 200 OK | 8.6 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 851044354a677edd3f4a6c5a971ee6df e846f0d82a3ae1c3a677674778ab813f71394600 546d3217a882296bac2bb84ed23d35c4c07d5bcae8b97cff093aeb3ba4f32f2c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/6f0dd2ec-e4c8-48ac-a74b-85446e788a97.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8607
cache-control: public, max-age=31536000
content-disposition: inline; filename="6f0dd2ec-e4c8-48ac-a74b-85446e788a97.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzhkMDhjLTRjYjlmIg"
x-request-id: 7UpLCZjPhEsINhBNkSQy1
cf-cache-status: HIT
age: 192882
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xN5BifgubuwvFtjvvRyVDXuSAhSiMDdR0Hv4Xsz9G0x2VDj6EGy8EzJWn7pSaNq3aUp1IkHz4YN%2FfaJs0OwqIlR5vc0tWLD8MgEtNEBb%2FoOHIXYu2Q4EkEzfAe5OouHXGqBVBSc%2BKM0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b1656c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elk.c0f58697d.svg | 154.197.121.128 | 200 OK | 983 B |
URL: GET HTTP/2 1win-cdn.com/img/elk.c0f58697d.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 58995520e7430cd69b54d08c244aacc1 3db7918420563842879038fd5b4ba2050458ddeb 5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00b9f9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/66512.d3b9afb82.js | 154.197.121.128 | 200 OK | 759 B |
URL: GET HTTP/2 1win-cdn.com/js/66512.d3b9afb82.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (777), with no line terminators | Hash: cb6fca85eef64397cba0320543b40d92 8832706404854e9b78dda970c87d17a0629016bd 7bf26beea8948e6afad264491eb02a264a252fb30c6a620c178a27b2a1477a65
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/66512.d3b9afb82.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2f7"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 689034
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df818fb568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/4theplayer.f89265cdd.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/4theplayer.f89265cdd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 5cb7cf2507e642be8dd905487dc5ab67 68ad93bac5948542dade50964d8384eb9bff3573 f5bc2b7e50f7ecad4b80ce6102973c2cba12fdbd502b64505788c6f82ba08b66
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/4theplayer.f89265cdd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1067"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0038ed568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/habanero.92654c79c.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/habanero.92654c79c.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 9d25ca67fcccda561c314873654994a8 0e5592059d8c6114a25d0affd4af7e50e44d36af e43f0e0abd0ae12393dc2b91c459fdcf045669e63be099f9cb44cd37904bd761
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/habanero.92654c79c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-de9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e015b50568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@png | IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/4c1e97af-60e9-4cf4-a42b-25a52dc00c86.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/betsolutions.5d0a153ca.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 066b7782f9f8acb732cd85f2df1344ac 7bb3c193cb5dd835fec3e3ce7ed032be4200afc9 95ee3f610ca3eb081f9fd0b7c61dc40ea0e5f470b0ba72dee69c1a06a9198e35
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e007977568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/1spin4win.bb21057a4.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: c7e582dcd4acb7d74e4065abbe28183e d04183d1e1dc6665f54a667c7977b6c6a3672791 671ef5f707012d29c043164d157ca7028d371107dca629046657198f1f0173c8
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0028b8568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spearhead.27c37f3dd.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/spearhead.27c37f3dd.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: b7d0037b4b499acbf11a3a7d22d9f7e8 b4a122e841ea28158af2f35adaf0b802713ffda3 aaa2c2f064d9c7709062169ce8ef64c7e6158b89d6700351c1be538cb0bdc0fe
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/spearhead.27c37f3dd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4aa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e021cee568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | 200 OK | 684 B |
URL: GET HTTP/2 1win-cdn.com/img/zillion.c0e3dd6f0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: d9e09ca4e933fc8dabb60c1335cb7cd6 37b3bb2ea200f88ae0f7c681547dfba6fcce1449 fb15bc779be9be33fbb41082ce8c6defe5cbeb6273b2a3cf620e40ef4416c177
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e026d91568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 204 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | IP: 142.250.74.168:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (1822) | Size: 204 kB (203501 bytes) | Hash: ca337a5ea1228f0d2bd9e1998a40317f fd8ebfc0a31f49515714d3e75e0d3367f5f54e18 e5511669d8713e421ab7e218cfbd62c423fa1001d44491020a0308b8e03a7e91
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:25:25 GMT
expires: Wed, 08 May 2024 18:25:25 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73881
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif | 188.114.96.1 | 200 OK | 16 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 49373c5e183f23c97578f20822c9f29d 65426c38d19327505ec0a8a65d1587b3aa33a616 1902110c0d46c029edfd22f99a97ac7d267ea86ce53121b8c41fe895faf31176
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/avif
content-length: 16274
cache-control: public, max-age=31536000
content-disposition: inline; filename="b019bc91-5277-41df-811a-32da4215ae5d.avif"
content-security-policy: script-src 'none'
etag: "aAW6VDAor011uV9XSvPmkLd6FEDbuXicemelEDsn6Hk/RIjY2MzlkZTFiLWFlM2JmIg"
x-request-id: qHKP5yEE_G0C9p-m2JHU2
cf-cache-status: HIT
age: 124185
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xfqUEydcMrC4%2BDMJFuJFcYYcy3YU9GAkWq8DwKyXAp34S5mu5MgRUZMZbyggOZh6Fi5YuXUBMlXkGMSTC%2Ft6FnAo0nnCDzCP%2Fl5EvE70QFS4G9cQQslXZzRNXBJFfmVSEQzP%2F5pFqec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb0e70b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png | 188.114.96.1 | 200 OK | 0 B |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 68585
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: lpiw6FoYseqVjFN4ho_8-
cf-cache-status: HIT
age: 81175
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eShBaE3WYRjxQx7yshShtVxZgmS8TUWwG7m6rOYLPl%2BFzOYZ4fVFf0vI5fMnnFwsS462Rb6OppfPfN7PQ7z4lb1Z0TnN6y3sU1dsH5A5kpQV9IOVjJx0j21UcBenETA4UHYsHHKb6fo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc48ffb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@avif | 188.114.96.1 | 200 OK | 9.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b7da0c762e70d19be1e5aedcc005e7cf 91ef993f55204ce127d13e1b939cb9d1c783dea4 15cc8e315fa6d52455692d2896febcbac73fbfa666c2a0b9fb72920590604416
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 9822
cache-control: public, max-age=31536000
content-disposition: inline; filename="2515f2c0-ae9e-4f23-9457-5b35e6ff5705.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjBlMjM3LTMwMDJlIg"
x-request-id: oWf6X-IpO1pn5lPjjt7fI
cf-cache-status: HIT
age: 85449
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4rdp%2FNtq7lA6TL567EfJd%2FCZ2kdO%2Fm%2Fxfu9fVl5kv1jp42k8vnhQLKloNNrGGeJ8n%2FbBzmatndgr8cPDXbn3mij9I01iE0I5p%2FuiZTV39SsZOI5m%2FcOOE%2BF0Nhc9i%2BnjolTA611BEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe8b0e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@png | IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00897b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/platipus.dd3b50ce6.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 47208726d4dd191a03af9229fc538eb2 0ef7c3f6b3788794db7709213ecaee1b7558a5c2 b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e018bb9568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| | 104.21.31.189 | 303 See Other | 438 kB |
URL: User Request GET HTTP/2 | IP: 104.21.31.189:443
Certificate Issuer: Let's Encrypt | Subject: 1wmfxs.top | Fingerprint: D9:E2:9B:BD:08:1D:0A:B9:B1:07:65:50:67:32:C5:4C:B0:12:95:3A | Validity: Tue, 02 Apr 2024 21:20:20 GMT - Mon, 01 Jul 2024 21:20:19 GMT
Size: 438 kB (438354 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 1wmfxs.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
date: Wed, 08 May 2024 18:25:21 GMT
content-type: text/html; charset=UTF-8
location: https://1wsxxy.life/casino/list/4#7s9r
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1IIsBXdLKW8PwhigONHsvBz7DrmqDaQIzmFfDKKth0DjfX%2Bb0NrX%2BGEz77Zu3nlCmCKQ%2FN5OE1evzQ0yWsiYEeV%2BFusAk%2FTfUMQDYc482Kzfmu6nTUvROFo6Dbcz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b7dec1c2656cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | 200 OK | 344 B |
URL: GET HTTP/2 1wsxxy.life/img/icons/favicon-16x16-darkmode.png | IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Let's Encrypt | Subject: 1wsxxy.life | Fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C | Validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced | Hash: 55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; partner_key=7s9r; visit_domain=1wsxxy.life; core-sticky=http://10.233.84.234:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Thu, 02 May 2024 11:35:36 GMT
content-type: image/png
content-length: 344
last-modified: Thu, 02 May 2024 10:39:39 GMT
etag: "66336d6b-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 542986
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/common/title?path=casino&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL: GET HTTP/2 1wsxxy.life/common/title?path=casino&lang=en | IP: 190.115.24.78:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Let's Encrypt | Subject: 1wsxxy.life | Fingerprint: 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C | Validity: Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hash: 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/title?path=casino&lang=en HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/casino/list/4
Cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; partner_key=7s9r; visit_domain=1wsxxy.life; core-sticky=http://10.233.84.234:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI5ZWY4OGNjYS0wMjRhLTRmNTMtYjIwOC03MjhmODk5OTBhMDglMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MTkyNzIyNTQzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTE5MjcyMjU3OSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 18:25:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fugaso.1a40d61ad.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/fugaso.1a40d61ad.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: fbe83afa72fe7a858d1fcd467a7e3acb 5dc85aabeac449d7287662a7b6ffe2936e447b84 21f646343e711bc51884ff1699ff6dc11de867dd10a58fee0ad946c197d46cc0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.1a40d61ad.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-951"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4266
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00da33568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | 154.197.121.128 | 200 OK | 763 B |
URL: GET HTTP/2 1win-cdn.com/img/max%20win%20gaming.00fa88483.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 6887ef2393d55338db36ccf501d3b364 cada230cfe07fd9fda37cfde92abc048879815bf 9a8cda3aaf7794cfa521832e211f826e61a93bbe5c0105671dc790b6bed65732
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/max%20win%20gaming.00fa88483.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e017b83568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: b322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01bc28568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 253 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | IP: 142.250.74.168:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: *.google-analytics.com | Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE | Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (4179) | Size: 253 kB (252782 bytes) | Hash: 3a459abcc00c750c2f5c0c9b4c223a81 60601bb193374c9c662f94b1a064945159fcbccc 8188f56fe943fad65d19ea21bfeb0e38ede0a7b49f210299ecd93dc4a4051c1c
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:25:25 GMT
expires: Wed, 08 May 2024 18:25:25 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 May 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87601
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@png | IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/0e39274e-0fac-4af8-a59e-37a6d80e3e51.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 188.114.96.1 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 85354
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NEQbOKMAeew2c6Z9g0qDJUg8eu8jQHPjBxeHVZXYvLypmiurY3dCtBsqRHreijvxMAYT4iHJiCEEso5Fq4vSQQiv7k65eZ2cYKealEHa9lpHsRmt7BS0Vge%2BqBgQW%2FogMMtuOF%2BTnME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe9b3d56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/3%20oaks%20gaming.a6d146d58.svg | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image | Hash: 443b070227be618d0513c134be5b65f2 cea77f63f79f4a2406af9f75e29078e40c69f9e3 99766510c4cf78a018e87ef969b90f738755e653efa66e1b5f2f9e6ab7d41ed8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/3%20oaks%20gaming.a6d146d58.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-aa2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0038e1568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cyberslots.988fdd12e.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET HTTP/21win-cdn.com/img/cyberslots.988fdd12e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashaeeace00abaabb5ae6a47e900873f09b d6e4385ea3efcfbfba30b6f0a58ea08ec9a11a95 0c1fdd20cf809c07733b67a12eb0f3cdc88a57ebcbb2ba293a717b4b9b3865ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cyberslots.988fdd12e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-901"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00a9ea568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/21win-cdn.com/img/retrogames.bb592a878.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash58c68473b3dd3ae2f45e31560e366dbf 577748dead61e9aff6756db3bade90442cde170f e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01cc45568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/tvbet.fea6d0222.svg | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET HTTP/21win-cdn.com/img/tvbet.fea6d0222.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashdaf98e0c0d45cb1db158d09bd07e4959 2c28a0c557fb1cf89267d49d2d5ff2a958f896c9 e3f1319aa5c6feb25f6b42156eda20d784b7a7fa6ed97488292a7f5e23b44ab4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/tvbet.fea6d0222.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-24ca"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4152
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e024d59568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/apparat.f7a706d8e.svg | 154.197.121.128 | 200 OK | 387 B |
URL GET HTTP/21win-cdn.com/img/apparat.f7a706d8e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc263fae5892b9bdd3fa5e761a8aeb723 4646d9080fe51e04962c1f2dabf13119c6d71a41 2a333baf6e1f1e4d92fa73faae466563009d96e860c1423519b890b68153b70d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/apparat.f7a706d8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-183"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfd5b5c568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/23008.ba7ce1428.js | 154.197.121.128 | 200 OK | 6.2 kB |
URL GET HTTP/21win-cdn.com/js/23008.ba7ce1428.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (6332), with no line terminators Hash8e528f0e53a8e22e71a58d90ce158354 33d59d207f8a85df040005cd7f6bad526f5dcdce 466120c304cc1a252c3dfa73eba1e2c3aa722abd83562c89990ed4626ac8d17f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/23008.ba7ce1428.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-1848"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 205449
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df61c24568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png | 188.114.96.1 | 200 OK | 8.3 kB |
URL GET HTTP/2static-adm.1win-cdn.com/banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 1508 x 488, 8-bit colormap, non-interlaced Hashb7de3691fd1c1a6d6b09078011ffea54 b779cc6b081d228b5982d908fa4121bf89564bcb 8727bf47f35343854ef0783ad29be93c5ee9a73df60956ed43e3c60164bea567
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/9yYmJ2Tur3tt3XYtW2oVI8DGGkHjXl6mIxs4CN1HVley9FHORmApqK--Ba_jqSnNCnVpU7quGzIx6y3udjY5UnKYhEgasG11otA1.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:42 GMT
content-type: image/png
content-length: 8313
last-modified: Tue, 13 Feb 2024 22:31:22 GMT
etag: "65cbedba-2079"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5xzRXpOkTXN3l%2F0f6xKk30T%2B%2FshNWYID3O766049hQooGXnbdsTv3Y5eAcLY0bm6dr9fWNY24LMVFqPj5I8LS7S528cAkBTcdal4n1YT4uvL3%2F0Vd1ZBIsbUZXW2gVBAvoBPUw0Cfv%2BIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e6e5e6056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif | 188.114.96.1 | 200 OK | 9.0 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashea24c3b32fe9681c1d4aec12f8f275e3 e9b21c7677b41a27b76649bfaaa44a18c84520d9 6f553f090e8ba0e2cbb116b6b96643c0b89770f4fa950e2e62cdb79ac087c0ea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/304789e6-5a8e-4b13-828f-c3504fe6e2d4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8963
cache-control: public, max-age=31536000
content-disposition: inline; filename="304789e6-5a8e-4b13-828f-c3504fe6e2d4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MGU2OWY2LTcwMTk2Ig"
x-request-id: GrDkXLbFEgfeuuyv836W6
cf-cache-status: HIT
age: 76471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8k8I9ueSI0rmfaMuq6OYXTCr%2BN%2BIr1h%2FSm5KPYhvY3jsETY7upvfOUggqb%2Fh9LIlg4d3f9G2Uz1jygBaJVYk2HSEs3GFiA2Ja68FApmtT%2FuNWzX0zEXWoahpAMhS%2F2gS6euawWduwsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe9b3256c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@avif | 188.114.96.1 | 200 OK | 6.5 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashde9e62fc51ace3aaad55d5b46d7ed712 03fab1e0a1d54ba1fb67c8e259e23ec5f584215b bc698bf2e8d77bfb7cc5ef99bf1c767a6c6a598edde81d76d629058e371675bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 6494
cache-control: public, max-age=31536000
content-disposition: inline; filename="e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MDgyOGUzLWViZjci"
x-request-id: Fr-ONARllqQnk3WbnRnJH
cf-cache-status: HIT
age: 74917
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7kCFrGVbSWq4%2Fzo7S8idd0GUx6r1cNAgKnzmyZonsEc6E6h%2FEr4gbilIZVvOXi9DYh%2FS0unTB%2Fu5MhpNvXpO58ygp%2BwpT8i0MzWX3vQp0bbYK03%2Fd8xpuPwaZrf89iRPpyBVYtqO3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfecba356c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/wazdan.1cf2cebcc.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/wazdan.1cf2cebcc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashf19410782a9e906c5987a9ec3dec0a8e 9df4dc8c8b7defde41a5caea964099dd1c882245 728bdcd00db7137c2e314ddf1f2dbe368b5a66d31ff5ccf0ca8e8ba83e3da5c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/wazdan.1cf2cebcc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-7bd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e025d69568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/21win-cdn.com/img/electric%20elephant%20.dd56c804d.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00b9f8568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4356 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4356 IP216.239.32.36:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4510v894728184z8894400803za200&_p=1715192722841&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1929158001.1715192726&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist%2F4&sid=1715192725&sct=1&seg=0&dl=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wsxxy.life%2Fcasino%2Flist%2F4&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=4356 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wsxxy.life
date: Wed, 08 May 2024 18:25:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/31310.c605a9b9f.js | 154.197.121.128 | 200 OK | 528 B |
URL GET HTTP/21win-cdn.com/js/31310.c605a9b9f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (546), with no line terminators Hash819ea0d23f76434d7cf7bdad5c0dc71f 06f5a3c6cd80db3f5850633d2f868f55e7e92447 3fc29ff364ab40aadf6f25a1d6423b9d333cfecf786e3cfcc04175850357eedb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/31310.c605a9b9f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-210"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697557
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7bfeb568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamomat.593230062.svg | 154.197.121.128 | 200 OK | 643 B |
URL GET HTTP/21win-cdn.com/img/gamomat.593230062.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashbfaa3d42e6ab264b9080e74f867e85de 5026f5b14a42af9eaaf3d09468fa27728287cdae 9911098f481a732b6e8ae3ff8ce922ae03f087eba0d8359f1ad1a23b8a71e630
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gamomat.593230062.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-283"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e011ac0568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1929158001.1715192726&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=71144101 | 216.58.207.227 | 200 OK | 42 B |
URL GET HTTP/2www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1929158001.1715192726&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=71144101 IP216.58.207.227:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject*.google.no Fingerprint7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 ValidityTue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File typeGIF image data, version 89a, 1 x 1 Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=1929158001.1715192726&gtm=45je4510v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=71144101 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 May 2024 18:25:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.11win.direct/v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket IP134.122.54.186:443 ASN#14061 DIGITALOCEAN-ASN
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerLet's Encrypt Subject*.1win.direct Fingerprint52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27 ValiditySun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wsxxy.life&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wsxxy.life
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0QB5tvxzXXnE0UY0hno6+g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: h1yMRxBPrycTgEOq16evX2gjS0E=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=2d7acae8672f87dd; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/img/agt.893343a61.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET HTTP/21win-cdn.com/img/agt.893343a61.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7ad74db93c568d4ee26b28bd127cda5a 4ab7df3219bc8e68824c09c8f758159829875274 0a4c193bc9415878d304a5fc14e1e45c5390cf8648bb3d0c8ee4827663107f2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/agt.893343a61.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-4be"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4085
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc08fc568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | 200 OK | 14 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviatrix.b5fd712c8.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: c92109aa9c320cc21b175481d4219bac 624606f9179e2fe695a087e64df63ec4cedf912b 8892810b3c337925e0e2a61199d9fee94a589789225f916bc9aa6d0b6c76b438
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6692
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e006952568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | 200 OK | 637 B |
URL: GET HTTP/2 1win-cdn.com/js/90511.4bc374431.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (655), with no line terminators Hash: a148eff943a30bc50c489b0cf73349ca 757f5c140878aca4fd1e3c8936e54f6abe59f95f ce9597252bbb61b1a89d84ac59a501e64985510009e7521964cdbf9933e32c09
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 684288
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df7e872568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@png IP: 0.0.0.0:0
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e0019621-1e7d-40dc-bc1f-94cb8fd00ce2.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/slotmill.c42ddd447.svg | 154.197.121.128 | 200 OK | 13 kB |
URL: GET HTTP/2 1win-cdn.com/img/slotmill.c42ddd447.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 39d48e4b982998cd10417bd09dcc0afc 541c60c508d7777db2cd0e49c18cf32219532dd8 3e18df680be6da9246c3675408ec0e7e107891281a863ab9b6377832b44ee48f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/slotmill.c42ddd447.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-3313"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e020cdf568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/goldenrace.4bb50c89d.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/goldenrace.4bb50c89d.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 273a325a862af8a6f05811ac5a7c7f29 936efb3df57c80b5ee35a1ebed295fe90ec13145 0e9220c87c66f8eec886bcb17e5beb3242f287ea3099ff14d81e49c41d2c4d32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/goldenrace.4bb50c89d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-88a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e014b34568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/liw.134f23084.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/liw.134f23084.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 264daa943330a145d35b4c46632ff260 9eb716994914e9640f1a2965a0cef6eeb6c2eba0 f0224d25386512226df690d731c56ff27c141f6c608684d2c3d67fa9e26594de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/liw.134f23084.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1e9e"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e016b7c568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@png | 188.114.96.1 | 200 OK | 0 B |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@png IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 63011
cache-control: public, max-age=31536000
content-disposition: inline; filename="7b41418c-1d39-4aeb-b8ec-08fea832997e.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MzM5NGY2LTcxNGQyIg"
x-request-id: t2OWTR5TsMwQefUpRqYJE
cf-cache-status: HIT
age: 531662
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2BbBOtkPlpPj66dcyfrC8ktPBtPSnXHQaSZmXiEDKu2G7xD3RTkVgmyXcpakmIox3qBt0SRrBElb1N0Vj9zjTrktbYu%2BmZA01gKP4qGpHFlciYb9OGQUH76wDokjmyck8Jg9dqUaT7I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc9986b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/elbet.701d0b0cd.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: bd34c45017a4b3fe3d0813abbe16f113 2177a96200b95aa21ece71bfcbeadd200904c279 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00b9f1568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/ezugi.a9c66babd.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 329b99ccd51d8cd3e1a5c8a1b83a84eb ad907259ddfcffb089829ad24a4411ff1cd4b1c0 96e851dca3bca1d7d99061ec91cab28bd2c037ce8732e80a4ed601e86c0e67c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00ba1a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pragmatic.2e7a96b71.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL: GET HTTP/2 1win-cdn.com/img/pragmatic.2e7a96b71.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 0318d08339acfa9fb15b1f56bb22b145 caa87d78a9c14af0beeb66733294652e6b1627b8 24fe7388e4f3fc5ddea45e6369a02683ca4ecbe85d5e18c8f67d47a69709cea9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pragmatic.2e7a96b71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-953"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6503
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc1915568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@avif | 188.114.96.1 | 200 OK | 7.1 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@avif IP: 188.114.96.1:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 0527b91bd76161cb79dc36f7e7ae6f38 c04860ab5e32e3452799bbd630fda1128cd937b4 05f01889339ddfc655f7b242aea35246431b41552514a18c0c5188c1e32a2631
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7b41418c-1d39-4aeb-b8ec-08fea832997e.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7066
cache-control: public, max-age=31536000
content-disposition: inline; filename="7b41418c-1d39-4aeb-b8ec-08fea832997e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzM5NGY2LTcxNGQyIg"
x-request-id: wSo7Sf9DELyhyPx0CbKRP
cf-cache-status: HIT
age: 534016
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dEa8Idr9o0iBb1bb2gh1SdVUn90ekxJZSscsx7r3kzf6KW8hK4pXPzv33%2FFgmwI6p%2BG0Aw1SSHcV8zq0d363rE9%2FuhzNes09UIV5qk9BcNsSz0dLThCyY65J8QFvJWn490K%2BvjBGoo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfebb6e56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 263 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-548949LWLW&l=dataLayer&cx=c IP: 142.250.74.168:443
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: *.google-analytics.com Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955) Size: 263 kB (262567 bytes) Hash: bee22105021b6bd0a3c5b08195d63846 53378226941cc3774860f676c479f830900a3fe4 6940a0a47b6296e2655596b636d018b6e6a69ee4db473d25567d50387949f6a3
GET /gtag/js?id=G-548949LWLW&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 May 2024 18:25:25 GMT
expires: Wed, 08 May 2024 18:25:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 91539
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/js/chunk-common.4d30f7085.js | 154.197.121.128 | 200 OK | 192 kB |
URL: GET HTTP/2 1win-cdn.com/js/chunk-common.4d30f7085.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 192 kB (191566 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.4d30f7085.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2ec4e"
expires: Sat, 06 May 2034 18:25:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 22099
set-cookie: __cf_bm=yzhwdhrz9AtfVLroH8AXMaBbu7nHqOjp49ILnCwEFOg-1715192721-1.0.1.1-YHZf6onHDmpbibWccdPhtseVH8O6ulfMh5DoSOy7Y8bNdukufNoHC4NN0C5sMKdPmQjQIAdQ82JhQVFLxFkV7w; path=/; expires=Wed, 08-May-24 18:55:21 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7defe906568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/32289.7a3cedfce.css | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/css/32289.7a3cedfce.css IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: ASCII text, with very long lines (24651) Hash: 98c68ebdf821bf8c9cf3f3b609890e8a 4d3623023c46d3e56287e072cf7c2fad01d5132a 9273b5e3c962179fe15426af191c7e722fe43b2bba08f22612bf6574b4b85fa1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/32289.7a3cedfce.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: text/css
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-604c"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 103823
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df5fbdf568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/barbara%20bang.790acb7dc.svg | 154.197.121.128 | 200 OK | 27 kB |
URL: GET HTTP/2 1win-cdn.com/img/barbara%20bang.790acb7dc.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 287d95b42ce0b42532a5c8caff190779 6d6b4d0d17c558215c719336d124ba53a7118083 739c17db57dc727e751e65cf1d4aed12fb371a1e40060a3b22c92e630219e945
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/barbara%20bang.790acb7dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-68da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6844
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc69a0568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/playbro.9ed310f23.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/playbro.9ed310f23.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 221b773f0eb73aa28f7617e628f7fc2f 67e3b29f4a951351da5183dd7d6e083fbc991322 4ad7ef6a7e11897fa2b2830921fe86a3d878866c81c87d159f90732be0d30e9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playbro.9ed310f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-12e7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e019be6568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/betsoft.cc500155f.svg | 154.197.121.128 | 200 OK | 4.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/betsoft.cc500155f.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: fa91200f1738243c9a1bf9ebf853c238 43a438416c285aaf55c7f2edb2676616ffa0c838 9235396681ab2e82a2b5ce89e4f2e711f69cde3f6fb83af4050e110c4a55d3c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betsoft.cc500155f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1286"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1817
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e007974568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cq9.5d5072e17.svg | 154.197.121.128 | 200 OK | 4.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/cq9.5d5072e17.svg IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image Hash: 47469c2cd9d79b1305e3e02f76d0dc24 d63ca4b97bbdd2533e5c1ac86bacd621a4150410 cbdced2050313c54915ec2417995b7de59675fffbbedf861202570a6e4ad5536
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cq9.5d5072e17.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-120b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00a9de568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/truelab.ec113fba7.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET HTTP/21win-cdn.com/img/truelab.ec113fba7.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashedd84be1aaadcb0b503864bea380f168 af4583fc1079d7d5e07cc6ca22b56f9eeaab7418 d73eced8792c2507b075c7a7a313f1e228700fda1108d4ab44d707b36b241e06
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/truelab.ec113fba7.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-7b0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e023d3f568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/kalamba.6e06f7faa.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET HTTP/21win-cdn.com/img/kalamba.6e06f7faa.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash7c40c808f85699562366c94d8075727c daba803ead149eec52b19b82e57afa940922e3c1 8b130bc8c17d44e469cdaabdb68bf8bd4fd819a3763227a6c5601b28a637b8d1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/kalamba.6e06f7faa.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-a9c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e016b6c568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/21758.91f05a98e.js | 154.197.121.128 | 200 OK | 415 kB |
URL GET HTTP/21win-cdn.com/js/21758.91f05a98e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size415 kB (415100 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/21758.91f05a98e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-6557c"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 22099
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df26d35568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@png | 188.114.96.1 | 200 OK | 46 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@png IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 300 x 225, 8-bit colormap, non-interlaced Hash572a2bf74bddd58b78beee28d10c833f f92e352eb7099765c23e501dcc6a593082f031c7 f6bf12e993ed561149f9cf046e5076ebf7bd11416726918a1b2acaa029df0f9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 45911
cache-control: public, max-age=31536000
content-disposition: inline; filename="2515f2c0-ae9e-4f23-9457-5b35e6ff5705.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MjBlMjM3LTMwMDJlIg"
x-request-id: amqqZlARA5GdPoUJYG2cF
cf-cache-status: HIT
age: 91263
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTr06lQWq9X12NmoD0MGAUDxJMn13%2Bd6brKLDAbZBeiLWB0RYSl255Xne3asHmrAX8%2F9o%2BP9gAb7GJWQWXtu4ZVWMjTufbD5LklNo8MxPUuGvzzX8ITXsje99uNudsOCBUuplFnkOhA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb6f11b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ct%20interactive.74b20dbc3.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/21win-cdn.com/img/ct%20interactive.74b20dbc3.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashe709608dd45ff01d7f75d21bc3534e1e d45bc1ea2a957ab8113ecf7da9564be00207c6d4 d3909007c8efcbb7e2d3fdabe0dde74063c3efcd76d989f83f6d128b89494b2f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ct%20interactive.74b20dbc3.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-889"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6955
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00a9e3568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET HTTP/21win-cdn.com/img/yggdrasil.a6bc350dc.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash1156d7b0c16ee989276ab38995b5e316 2efca22c943534eec487d1441efc9c1280c0ce62 05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5903
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e025d6d568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/18860.cc0fd1e0e.js | 154.197.121.128 | 200 OK | 28 kB |
URL GET HTTP/21win-cdn.com/js/18860.cc0fd1e0e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (27990), with no line terminators Hash4b143001b05330bb316fe6b48531dbb6 ffa1e8fc89a58cf47350481057028603fe7fff91 d2384a77cb70880903f3d1b81d47cdaf69af5bfb006fd23fb938c512ee2f486e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 193124
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df25d1b568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@png | 188.114.96.1 | 200 OK | 55 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@png IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typePNG image data, 419 x 314, 8-bit colormap, non-interlaced Hasha31187fe4c4cb8452d4c5863ea4d029f 5d4e0f9b156ad63dac6e9811c4718ab260b29eea bde636b3a529befa72d36949b72dd98fc25b537bce178eac90e7cb0308336166
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/03840bc2-5b70-4d27-88f1-01637c30885a.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 55020
cache-control: public, max-age=31536000
content-disposition: inline; filename="03840bc2-5b70-4d27-88f1-01637c30885a.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2M2I2ODY0LTViZjUzIg"
x-request-id: 2DgpmW2_Y-bQrJBv3o9eu
cf-cache-status: HIT
age: 10769
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgOycjXhZ4TfnaVMSyk459NHnIjShwbTSf6cc9aP5ww5lZz4z0nDim5qI89htiSR4GjIuDQ%2FSPXFuwXzZ%2BAbpx6tTw%2FgDj86wN3RjL9ebyjiqeqkOlZ3MPWnUbBiXVZ9N7F7WGensuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfbbfb3b50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash0d98f4a51c1b6cdad5a55ccd27c135a9 e2baa8cbcdc005d7c966fa225028b0429d580007 5512dc3fb2749e52dc4ab0251d567274416546587b1327c3488ebc958d18537d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/12d788e0-6878-4e93-aa06-f535d954efa0.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7747
cache-control: public, max-age=31536000
content-disposition: inline; filename="12d788e0-6878-4e93-aa06-f535d954efa0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzRhMWE5LTEwZWFjIg"
x-request-id: PMs5__Aozb8RDYs1wEa8_
cf-cache-status: HIT
age: 465346
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6nYHUz6xWksJmC1O%2BHWIXBe8cwqiggYGoXRWbrpV6lwR6VZMnNQIu4LT2UjH9TD%2FXYp4mgVST3o14A3UtaTLTIIvevszwDILC1vC7Gl6u%2BE3km7ZjatInVk%2BPFLOpOBP8E5oKPH3LI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfebb7056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 645 B |
URL GET HTTP/21win-cdn.com/img/fazi.19d7f4b72.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc2948d97afb6d8e1cf8e7b50b62a9272 a1607553e252407e35addae9b48c1cedfeebd048 309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00ca2a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@avif | 188.114.96.1 | 200 OK | 8.2 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashcf0599e3b9d287ec2a58f1bf828e880a 46320b19b97b640e7c49c622218788b129245e78 9389333d23f4cf68627436a5bdfdb8e1a1e1b3652c86cc38f8ea54ef0de65ef2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/relax/db263120-c8bc-4660-a79f-3e018e1b4c8c.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 8184
cache-control: public, max-age=31536000
content-disposition: inline; filename="db263120-c8bc-4660-a79f-3e018e1b4c8c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzM1YWVhLTc3MmIyIg"
x-request-id: A15NT3h42XD1uhFJYRbWh
cf-cache-status: HIT
age: 550782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqJDvb4IC93rP8b0DBcoi5WTz9WBxE%2F5lvPbkEAWsxVjMUURm1yeh6ISG%2F925ADzEZ0EYnOlwuscGHebI6hkhzuLN9NtzW3Wxwz6Ps3m0SPQjZY0GVlShI7G5Rg5X9KlmIGnDSJ%2BqTo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfe7b0a56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/32005.5701eb106.js | 154.197.121.128 | 200 OK | 9.3 kB |
URL GET HTTP/21win-cdn.com/js/32005.5701eb106.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, Unicode text, UTF-8 text, with very long lines (9505), with no line terminators Hash4a79fbedaadd34c9dd7b5f01247cbe93 82fd41837bf0bbfeb081566a10661a0731dc3490 5fe762deb09b396f532a4ec03c23b0b25f616393dc7fd44ba7256065ee9d9e92
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/32005.5701eb106.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-2428"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 104550
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df5fbda568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/1279.7681fe15f.js | 154.197.121.128 | 200 OK | 911 B |
URL GET HTTP/21win-cdn.com/js/1279.7681fe15f.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (929), with no line terminators Hash3a0fd7772f5d3cd77c17b49876743f78 3eb84478f6c0ac3009e81576caf8fa6ddf4e2c5a 5d5a4e691e8df7115cff0e7b2b76131b7b633ce30509dc61fdf36c9ab36989a6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/1279.7681fe15f.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-38f"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697557
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df82919568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mancala%20gaming.441ae5f23.svg | 154.197.121.128 | 200 OK | 3.2 kB |
URL GET HTTP/21win-cdn.com/img/mancala%20gaming.441ae5f23.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashfecafa12f578f5ced554ed31aba5c852 7e1f6f044c0508f11d1c5a58a41c3d1423bd7069 77c790b43104ff72a4363c886ef16e2716f2de4bd9b8a870b1228aec39924fe7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mancala%20gaming.441ae5f23.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-c90"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6844
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfc497d568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.22f56ee2b-1508.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/500_i18_img.22f56ee2b-1508.png IP0.0.0.0:0
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.22f56ee2b-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@avif | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@avif IP188.114.96.1:443
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash98156eedfdfe913966ebe070d8a8801d 185e11034785b9ebb322975cf90f00db4e7bdc56 4f567120e49a075efb0d8a5704916f801b0465c10cec6a871c6d924410e4e3a9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/d2bc0793-34a9-4f39-9bd1-81da5fdde131.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 10879
cache-control: public, max-age=31536000
content-disposition: inline; filename="d2bc0793-34a9-4f39-9bd1-81da5fdde131.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzRhNjliLTMxYjJhIg"
x-request-id: C5jIT1zcXCfT7cnGGbo6T
cf-cache-status: HIT
age: 465346
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kk83Cb8qhtXqDTSsBbd01B75ywbfFHA%2Bhjmyj8CP7VwvktmKD5ZWqvMojAXUZqBDor3Y7%2BUntJOzc5XUsj55UycknQeA7OnE6gEntYhCNiXKHHz6BwNiOctxB%2FRe3qelGcIRoyaubZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfeab5c56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 | 154.197.121.128 | 200 OK | 22 kB |
URL GET HTTP/21win-cdn.com/font/SFNSText-cyrillic.211c5c35c.woff2 IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wsxxy.life/casino/list/4#7s9r CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 21916, version 1.0 Hash6396986c711f0dfc793140885fb00d41 6199282046b142fd34d950a274769b56cc85c87c 5d30f3756e0a53b580ebd92d46e748a7f51331f4637b6eb594f2b7a79f64245b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-cyrillic.211c5c35c.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1wsxxy.life
DNT: 1
Connection: keep-alive
Referer: https://1win-cdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: application/octet-stream
content-length: 21916
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: "660d5374-559c"
expires: Sat, 06 May 2034 18:25:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 48912
accept-ranges: bytes
set-cookie: __cf_bm=mZ8FrtRfhyaNM1gcbmTROIn1rQkV_Bhg.kKo8ICzoxw-1715192724-1.0.1.1-0DSohmNwqM95RXnKKudK6psIDtpdVjwOLbsgwdt.0gzW8Euu8q_oFZs8zu2CeiA9msrrb9EsN2cwrWPiw8M2qg; path=/; expires=Wed, 08-May-24 18:55:24 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dff2c545699-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/2 1win-cdn.com/img/games%20inc.64fb099a0.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 3d90ca2a78e19006ff1926510ed316d4 0becc591fcf773fa9e56396884dfd0f963a46e73 e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e011ab2568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/46665.703cfe1de.js | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/2 1win-cdn.com/js/46665.703cfe1de.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type troff or preprocessor input, ASCII text, with very long lines (1042), with no line terminators Hash 530c1fc3208b67ba84edf563465386ad d2ae074df39f95da703f5a582a2dadec59962e2c 82df31a277f44a4f8045b7081e23b00003dcadb0f695354354559aaff26a392a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/46665.703cfe1de.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3fe"
expires: Sat, 06 May 2034 18:25:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 697955
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb1f03568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/7mojos%20live.cb6749a25.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL GET HTTP/2 1win-cdn.com/img/7mojos%20live.cb6749a25.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 63dcbe9ebaa3f238a8c0152142b06a03 cac36df8800a2f72b9b51f9eeffd74e82be4ae7e c22e31035811334913ddbd32cfc1881c38c08fdd4d4b4c1c5362ecb6ee23a316
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/7mojos%20live.cb6749a25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-19ef"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6058
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e004901568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@png | 188.114.96.1 | 200 OK | 86 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@png IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash 60514606ecdc8e0b1a14a12daba122fe 4ad1b2f19067517653fdb9ddfa0623c47897e88a 163ebeebc326eff1e5a31ff58e28e424153fce81ed75ed344ba300b0d6809aa1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 85829
cache-control: public, max-age=31536000
content-disposition: inline; filename="9e004027-65c0-4d9a-a26e-2f0f48fbc6b9.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MmI5M2IzLTI0OTVkIg"
x-request-id: mUdb1BdAZTD9i2shkJKwN
cf-cache-status: HIT
age: 81175
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSi%2FTo8yVtRNP5xRamVZhgJX9l5Odx2hNBNy8hV%2F5tGKEx6fhP8edYKb5ABt9nuimOImUJmcffwd7b3b2WGauZm4wVQ8hYcLj4ZPxO4XdmcH1wTVagBMNKUbT25uuo3FLyJCA%2B0Gsp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfb1e8bb50c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/2 1win-cdn.com/img/amatic.1ad22f1f0.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash beaad3ec246cc02d25e05017a1e1739a 391c594a7f9ff5db52bfbd1c41e6577e6ac49dc7 184333dfcbe0cc2997b77991da69552dd91fe8d480186f8a8b76187e11e00a84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6053
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e00490a568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wsxxy.life/casino/list/4 | 190.115.24.78 | 200 OK | 438 kB |
URL User Request GET HTTP/2 1wsxxy.life/casino/list/4 IP 190.115.24.78:443
Certificate Issuer Let's Encrypt Subject 1wsxxy.life Fingerprint 6C:F2:F1:6E:19:D6:B7:36:4D:06:B6:E4:4A:E8:7F:4A:72:88:B1:6C Validity Sat, 27 Apr 2024 11:51:31 GMT - Fri, 26 Jul 2024 11:51:30 GMT
Size 438 kB (438354 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino/list/4 HTTP/1.1
Host: 1wsxxy.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=NUPB2r5wGQRpS38TTCB6; Domain=.1wsxxy.life; HttpOnly; Path=/; Expires=Thu, 08-May-2025 18:25:21 GMT
date: Wed, 08 May 2024 18:25:21 GMT
content-type: text/html; charset=utf-8
x-request-id: LOqMSAmrl56TsEjf
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wsxxy.life
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/2 1win-cdn.com/img/skywind.9cd4f870b.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 6133bd0ec680372c4b1478cca75bd999 852e07d884235f5b480657590f2cba1ce4d53d7f 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4152
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e020cdb568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/swintt.7c851d380.svg | 154.197.121.128 | 200 OK | 427 B |
URL GET HTTP/2 1win-cdn.com/img/swintt.7c851d380.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 90e9054f87471fee18244fbfaa5c2434 e4f14ab709714096c57f1e9941c4f28aacdae8f0 b0bec97d4b607d5aafa8a013b13b9cd75579c41d514ddba2caa53070867e95ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/swintt.7c851d380.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-1ab"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e023d2d568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/2 1win-cdn.com/img/revolver.25aaacada.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01cc49568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/sa%20gaming.396c34ca4.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET HTTP/2 1win-cdn.com/img/sa%20gaming.396c34ca4.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash eec27b0a30619e016eae50d11f9a53b9 ff3da2add15102d508e5f361ba5fef6c01bafcc4 d980864e2bbbbf04843596ec55869200f0fb749ae5113b85b17d377bc8acbab8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sa%20gaming.396c34ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-948"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5268
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e01eca6568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bgaming.ae3573ff9.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET HTTP/2 1win-cdn.com/img/bgaming.ae3573ff9.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash f2081caf12b5dad178e766a8bd906e19 5ffdd19030dd7868b979fa8c19243e62b70eabb8 ac0b648f44a2ab64ba3f4e7517ebbe6ba9ff28082268f67b9afebc0d8d38e884
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bgaming.ae3573ff9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-f9d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4085
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfade83568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@avif | 188.114.96.1 | 200 OK | 7.6 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@avif IP 188.114.96.1:443
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash ad696e3c6f6d100cd5ea6df458bfe2b1 7b8ef4facf37a64e9d7cbfa4e093f71c4c910aab 226868959e85631a7d6cd655ab224914a9903971d1a644d54109e5405d7b468c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a554770-dcd0-452d-a5ec-3582dddf7e85.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/avif
content-length: 7562
cache-control: public, max-age=31536000
content-disposition: inline; filename="6a554770-dcd0-452d-a5ec-3582dddf7e85.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MzM5Njc4LTFlNmRhIg"
x-request-id: IhXku7VVSLfIb775hOeDA
cf-cache-status: HIT
age: 534016
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gLkB3W2iLbLwdUf45IlIeZ5RNQUDXe9bPPBUUVTy2%2FRm%2FIZPm6zDoM0CJesfjhnbmiJbKbBE1U3lTzupZmgAEyjFaJOkF38X2Is1Vi7qGsFSF5IquoJYFGJbSNyhbcf8DC6g72g4%2FdY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7dfeab6056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET HTTP/2 1win-cdn.com/img/1win%20games.9b8574150.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:24 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4152
expires: Wed, 08 May 2024 22:25:24 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7e0028be568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/32289.86db3b21b.js | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/2 1win-cdn.com/js/32289.86db3b21b.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type JavaScript source, ASCII text, with very long lines (10739), with no line terminators Hash a237088d74dfdd0627bb10058ff81bb6 a1e14801b95707ef5e1b6fb2fcb85a47b1b75523 4902e0fab0861e35e3fe084e0d4e8a1555417570dc88a753b1e14735219cf31b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/32289.86db3b21b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-29f3"
expires: Sat, 06 May 2034 18:25:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 103823
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df60bff568e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET HTTP/2 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wsxxy.life/casino/list/4#7s9r Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 120 x 97, 8-bit colormap, non-interlaced Hash 911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wsxxy.life/
Cookie: __cf_bm=z5He.XSutEN1vxyCMb8p7cE2gE9IgXLODaKndAscsEo-1715192721-1.0.1.1-o9RksR5vpvCqu85YuSyoDPsoJQUivLzjw9uI1F3o52u1n43ltT.XMjMuE8xWpZAKn9gAKApkThfWV1JNu0Eqag
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:25:23 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663b6aff-18d2"
last-modified: Wed, 08 May 2024 12:07:27 GMT
cf-cache-status: HIT
age: 2386
expires: Wed, 08 May 2024 22:25:23 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b7df83942568e-OSL
X-Firefox-Spdy: h2
|
|