| 1w-jp-ftend-pp.top/ed?en=fe_page_mounted&pgi=ed | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/ed?en=fe_page_mounted&pgi=ed IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Let's Encrypt
Certificate Subject: 1w-jp-ftend-pp.top
Certificate Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D
Certificate Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /ed?en=fe_page_mounted&pgi=ed HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 450
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Cookie: __ddg8_=Lxj0OFsL0Gae2Ypd; __ddg10_=1749261681; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY4MTAzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=m1599kMCTYzQwK0G; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg10_=1749261681; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
date: Sat, 07 Jun 2025 02:01:22 GMT
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Skywind/41823283-8bf4-4478-b46f-e25e680e3911_0.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Skywind/41823283-8bf4-4478-b46f-e25e680e3911_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: b7852d0b8eaea6dcffa406696707e689 73900cca0711b4c981b29d946a3d73486fc65f91 1e3e41fdf25cae73925de8d4a6f6f027c7b2a50189a81b753ab3abb385350f6a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Skywind/41823283-8bf4-4478-b46f-e25e680e3911_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2ed9-7f0"
last-modified: Wed, 02 Apr 2025 12:34:33 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fca892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Vibragaming/01dbffdd-35a7-45af-8ba6-accd316c05b0_0.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Vibragaming/01dbffdd-35a7-45af-8ba6-accd316c05b0_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: a1a8bd7ddaf0aab1bdceb120b9c154d2 041bb385fe554d0e3f5d1adcd85a159a5aebfae1 f045c720d741913b160b077189ad6f00bff07f2ca85bfa0fcfb2f3dafd782032
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Vibragaming/01dbffdd-35a7-45af-8ba6-accd316c05b0_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a55-9c8"
last-modified: Wed, 02 Apr 2025 12:15:17 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb28ce892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/affiliate:link_visit | 186.2.162.102 | 200 OK | 37 B |
URL POST 1w-jp-ftend-pp.top/affiliate:link_visit IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Let's Encrypt
Certificate Subject: 1w-jp-ftend-pp.top
Certificate Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D
Certificate Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash: ffd908939b60f1154b33016c6d2e9c6b 663ebb986e784df674df5ab579ad90c05517597e 9c3b25f260defd6991608963a30a67cad0981ecce13e5975b1a6304887514d7f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /affiliate:link_visit HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 160
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=m1599kMCTYzQwK0G; __ddg10_=1749261681; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY4MTAzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680; click_id=a6ddd5b3-e9db-402e-8792-053a060e33bb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=O5hr6fiXw0wzaE19; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:24 GMT
__ddg10_=1749261684; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:24 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:24 GMT
core-sticky=a8a9ce735354173d; Path=/; HttpOnly
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1w-jp-ftend-pp.top
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
x-powered-by: Express
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| www.google.com/ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1&gtm=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f&img=1 | 142.250.74.68 | 200 OK | 0 B |
URL GET www.google.com/ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1&gtm=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f&img=1 IP 142.250.74.68:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: *.google.com
Certificate Fingerprint: 7B:D2:02:FC:58:D9:E6:6C:DB:4E:0A:85:10:91:65:A5:9A:9C:5D:12
Certificate Validity: Mon, 12 May 2025 08:42:58 GMT - Mon, 04 Aug 2025 08:42:57 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1&gtm=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f&img=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/plain
date: Sat, 07 Jun 2025 02:01:27 GMT
cache-control: no-cache, no-store, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v1.bundlecdn.com/js/desktop.bba5536be.js | 154.197.121.128 | 200 OK | 132 kB |
URL GET v1.bundlecdn.com/js/desktop.bba5536be.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 132 kB (131809 bytes)
Hash: cba0b1927d83c075c647dea03c6b5cd4 37ad783284fded030ced8559728cf0dbb27e94c5 f5cbc68bf306fa325c3446eb634b3b698e3d50e4d4088a3e37b5684613a6df5d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.bba5536be.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-202e1"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41701
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f981d8392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/82369.150ad412b.js | 154.197.121.128 | 200 OK | 31 kB |
URL GET v1.bundlecdn.com/js/82369.150ad412b.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31184), with no line terminators
Hash: 9f334207fe4c001b45e152d530a17920 e208c65e495f49e2c98f54f7de815ae28988f15c e3a4a75182c002f5abc4e77594195664e198c9100591010606314a11928ec9e8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/82369.150ad412b.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 27 May 2025 09:47:33 GMT
etag: W/"68358a35-79d4"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 921505
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2afc592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET v1.bundlecdn.com/img/lucky-jet.f927485da.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: db207e7dd57f347f3fbf9652d78cd69a e7d2a0236bc2b6353d78efae6bf74967d8f65c54 5a1205b79227d9b03dd600b656575aa7b036053d42a56ed6098002231f67f598
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6633
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa568a792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_aviatrix_aviatrix/e3d3918f-2011-40b3-9caf-ab9930a46c57_0.svg | 154.197.121.128 | 200 OK | 14 kB |
URL GET v1.bundlecdn.com/casino-images/prov_aviatrix_aviatrix/e3d3918f-2011-40b3-9caf-ab9930a46c57_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 77b5642cd6ec7241ae1374550a703a36 7a22b024dfdcf2110a0898a635cd6c892869edf3 bc0b71023c0a0a38d47a27db5000235a8488a8db762162a308f3ccde4de5016f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_aviatrix_aviatrix/e3d3918f-2011-40b3-9caf-ab9930a46c57_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed3024-35b3"
last-modified: Wed, 02 Apr 2025 12:40:04 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5663145
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faebb6d92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Novomatic/4c5aba0a-23dc-4563-896a-f4c7ab45b630_0.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Novomatic/4c5aba0a-23dc-4563-896a-f4c7ab45b630_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: eccfc2928b409bfe9dcd0daf5b311070 50eb149806db09b7e2f82747566011995f9b603f 4ce7f69c3105607dd5f86596f0e1c05d733f01ca3d0ccbe7cee6d21ab73549b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Novomatic/4c5aba0a-23dc-4563-896a-f4c7ab45b630_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2191-1444"
last-modified: Wed, 02 Apr 2025 11:37:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665016
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb17c5c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_SAGaming/863a4949-b530-4551-95f1-fcc08a1b0213_0.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_SAGaming/863a4949-b530-4551-95f1-fcc08a1b0213_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 4d400744d8c2282e327cecc9987ef8d5 021c382b5ee450adbaaad1946b857d88292f9d79 a8cab9a97b619390f764e8e4ffdebc570bac95bc9777ac0e6405bbf8b784c02d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_SAGaming/863a4949-b530-4551-95f1-fcc08a1b0213_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed206c-a1f"
last-modified: Wed, 02 Apr 2025 11:33:00 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1928299
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fca492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Thunderkick/c2b5d6f9-004e-4006-8f54-ba9bff495d8c_0.webp | 154.197.121.128 | 200 OK | 13 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Thunderkick/c2b5d6f9-004e-4006-8f54-ba9bff495d8c_0.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 95a581e3bc828db97010f0496db9b05f 2e22046e12078dd408ce649f36e280069def66b3 73adc6642c90ce1b05fca3d995aabcbc6fede93ceb36eb92600365d855239d94
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Thunderkick/c2b5d6f9-004e-4006-8f54-ba9bff495d8c_0.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/webp
content-length: 13242
etag: "67ed2ba8-33ba"
last-modified: Wed, 02 Apr 2025 12:20:56 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb21cb892f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg | 154.197.121.128 | 200 OK | 5.1 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: ce8efe23171bfb162a2e96781d940d86 96b132fa1669998f8ae0bfa74159177d27badfe4 1c971fe3d0b03de98da61eab69eb465c0ef345de9c50b42853b70d4178abc752
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/10/4cd82f8d-1339-49b5-9cef-84f7fe33d272_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642d35-1406"
last-modified: Thu, 19 Dec 2024 14:27:01 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5add992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/32845.91ab0ba42.js | 154.197.121.128 | 200 OK | 14 kB |
URL GET v1.bundlecdn.com/js/32845.91ab0ba42.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (13518), with no line terminators
Hash: a3fcd3a264cd36776a814d3562701d24 a63968885dddbc85cd243c8d741ace6f7ff5cd51 dd41d4080777e1bb2fc05ac8516d1c05d8da6deb4d8c436ca011a12760f644dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/32845.91ab0ba42.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-34ce"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 40968
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2cfd192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/34237.b0c3474ea.js | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET v1.bundlecdn.com/js/34237.b0c3474ea.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: v1.bundlecdn.com
Certificate Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Certificate Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (1176), with no line terminators
Hash: b147bd1fac0590c93943dc863936a56a 1efecb024896a80f3d8f0b3e7b3a38e25b6d31f8 6959d0b08791f00bd19a47b21e8a7df8a62cf5114ebed2218828ddec0626d83a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/34237.b0c3474ea.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-498"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4683e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=961746610.1749261686&gtm=45je5641h1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&z=1290139630 | 142.250.178.35 | 200 OK | 42 B |
URL GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=961746610.1749261686&gtm=45je5641h1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&z=1290139630 IP 142.250.178.35:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Certificate Subject: *.google.no
Certificate Fingerprint: F5:F3:C1:C0:97:D6:3B:FC:0B:FD:36:B3:3B:83:88:FF:EA:FE:D1:1E
Certificate Validity: Mon, 12 May 2025 08:45:40 GMT - Mon, 04 Aug 2025 08:45:39 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=961746610.1749261686&gtm=45je5641h1v894728184z8894400803za200zb894400803&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&z=1290139630 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jun 2025 02:01:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| res.1wcommon.com/ZaKYanaVtBQ6QQFe?c376a0c036cc4d51=gTtpeP6MM7HyOYEaXUVvk2_IrHogxqrdysQ4LOwY3mlQeF8IBek4uob-u2FKcBKo3w4XIr9q731OKuzj50cfkxBY1CYhOh2TZC5EO-iI4x5gZLxfhYZnag5E5iCD6Mx2tOPv-GOTyH4MT-wErFyWAydiJGDQ576KPsZ-6cQZGmhyirB6Yj13v4tfY42dAr69DBl44LFvFZ6Lpmen3mkqbL6ewx0&sera_parametere=X0FZAl5QAVFbBwcBCQFSA1hVBQMLV1YAWgUEVFUFUwkABVAEDVYCAQ8MWEVDRlhZV0ERR0sXAyEcAyNGB3FAAglbF1ZUV10AV0ASRgNxQAd7AUEEfBcCVVFbEhdDEFZ0HAYmFg92FgFQCQdXBwAGBF0IVAYPAVIDXQ1SVgBTAFQOUlUEWwcIAQkGVgIDAFUHCQBCXVdcUwAEDVAHAw1XAFwIUFJbAgUACRILEA0FHVZfVAUGDARTBgsHWVJVBgMFX1MBCl4DBQYIUFJXVFBTUw1TBwoJUFRDWF1cUgICUwUfWA0OFQMWFVAJWFoJDF0WUVpZFVoPdgxLUQcMSBMHRgQAVwceUF8WBHgIDUVNQ1NbDBBXQm1TBFVYAwJTXkNVTQxVBgo%3D&count=0&max=0 | 91.235.132.77 | 200 OK | 35 B |
URL GET res.1wcommon.com/ZaKYanaVtBQ6QQFe?c376a0c036cc4d51=gTtpeP6MM7HyOYEaXUVvk2_IrHogxqrdysQ4LOwY3mlQeF8IBek4uob-u2FKcBKo3w4XIr9q731OKuzj50cfkxBY1CYhOh2TZC5EO-iI4x5gZLxfhYZnag5E5iCD6Mx2tOPv-GOTyH4MT-wErFyWAydiJGDQ576KPsZ-6cQZGmhyirB6Yj13v4tfY42dAr69DBl44LFvFZ6Lpmen3mkqbL6ewx0&sera_parametere=X0FZAl5QAVFbBwcBCQFSA1hVBQMLV1YAWgUEVFUFUwkABVAEDVYCAQ8MWEVDRlhZV0ERR0sXAyEcAyNGB3FAAglbF1ZUV10AV0ASRgNxQAd7AUEEfBcCVVFbEhdDEFZ0HAYmFg92FgFQCQdXBwAGBF0IVAYPAVIDXQ1SVgBTAFQOUlUEWwcIAQkGVgIDAFUHCQBCXVdcUwAEDVAHAw1XAFwIUFJbAgUACRILEA0FHVZfVAUGDARTBgsHWVJVBgMFX1MBCl4DBQYIUFJXVFBTUw1TBwoJUFRDWF1cUgICUwUfWA0OFQMWFVAJWFoJDF0WUVpZFVoPdgxLUQcMSBMHRgQAVwceUF8WBHgIDUVNQ1NbDBBXQm1TBFVYAwJTXkNVTQxVBgo%3D&count=0&max=0 IP 91.235.132.77:443
Requested byhttps://res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/accou
nt_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx CertificateIssuerSectigo Limited 
Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type ASCII text, with no line terminators Hash c85ce669f74605e6281702d5151e95cf ea7ea590e02a1f5ba658ed869854aa2bfe6389bb c7bbbb324a80dcc09f1dc3818aab57929aab1266f93851590573f49cb712ffd3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /ZaKYanaVtBQ6QQFe?c376a0c036cc4d51=gTtpeP6MM7HyOYEaXUVvk2_IrHogxqrdysQ4LOwY3mlQeF8IBek4uob-u2FKcBKo3w4XIr9q731OKuzj50cfkxBY1CYhOh2TZC5EO-iI4x5gZLxfhYZnag5E5iCD6Mx2tOPv-GOTyH4MT-wErFyWAydiJGDQ576KPsZ-6cQZGmhyirB6Yj13v4tfY42dAr69DBl44LFvFZ6Lpmen3mkqbL6ewx0&sera_parametere=X0FZAl5QAVFbBwcBCQFSA1hVBQMLV1YAWgUEVFUFUwkABVAEDVYCAQ8MWEVDRlhZV0ERR0sXAyEcAyNGB3FAAglbF1ZUV10AV0ASRgNxQAd7AUEEfBcCVVFbEhdDEFZ0HAYmFg92FgFQCQdXBwAGBF0IVAYPAVIDXQ1SVgBTAFQOUlUEWwcIAQkGVgIDAFUHCQBCXVdcUwAEDVAHAw1XAFwIUFJbAgUACRILEA0FHVZfVAUGDARTBgsHWVJVBgMFX1MBCl4DBQYIUFJXVFBTUw1TBwoJUFRDWF1cUgICUwUfWA0OFQMWFVAJWFoJDF0WUVpZFVoPdgxLUQcMSBMHRgQAVwceUF8WBHgIDUVNQ1NbDBBXQm1TBFVYAwJTXkNVTQxVBgo%3D&count=0&max=0 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_
overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:28 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=93
Transfer-Encoding: chunked
|
|
| 1w-jp-ftend-pp.top/core-js/3.33.3/minified.js | 186.2.162.102 | 200 OK | 244 kB |
URL GET 1w-jp-ftend-pp.top/core-js/3.33.3/minified.js IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (31998) Size 244 kB (244105 bytes) Hash 97ef15810bfd714fbb6955466693fa81 c33a9988b77ff3a02fd14874f2308ccf1739f8c4 e150f69a7ae98980592fe81f0f664c242834976066cb0fc326331d8983b63515
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=FVB36ypd0IIeggw9; __ddg10_=1749261678; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=d9Itq7Jg2jOMi3fs; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg10_=1749261678; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/javascript
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/1/categories/210248/979f8b3c-c22f-4bc5-b857-39ed2ca14ef7.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210248/979f8b3c-c22f-4bc5-b857-39ed2ca14ef7.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210248/979f8b3c-c22f-4bc5-b857-39ed2ca14ef7.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"683d98d7-d8c"
last-modified: Mon, 02 Jun 2025 12:28:07 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 315799
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5add692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_v_Pixmove/f1eb0cb0-d81e-4900-8217-fb51389bfb75.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_v_Pixmove/f1eb0cb0-d81e-4900-8217-fb51389bfb75.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash b49febb128b9ab2212e3e8c6ed6cdb83 61b4fefa5d71b9020d9db1c544d72a8a3d0c7abf 97069243415623b89f1981187a45a8e491603f1d5516d7c8e6163ab6dc83d0e4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_v_Pixmove/f1eb0cb0-d81e-4900-8217-fb51389bfb75.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"6841fe41-1dce"
last-modified: Thu, 05 Jun 2025 20:29:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 105791
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb19c6a92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Revolver/bcc3a1c0-2abd-4946-bf3c-f3c0f0c575a8_0.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Revolver/bcc3a1c0-2abd-4946-bf3c-f3c0f0c575a8_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 95aa450dc725ff39875235344c39bea4 313f5f3b06fee589af05c3d82abb4fa36d4594fa 94c7304d3158796ca106608fff4316273e317bca8b8524b96af3346eb70b51bb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Revolver/bcc3a1c0-2abd-4946-bf3c-f3c0f0c575a8_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2baa-76b"
last-modified: Wed, 02 Apr 2025 12:20:58 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fca292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/17/6019d544-4e2a-498c-9aa5-28564808c82f_horizontal.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/17/6019d544-4e2a-498c-9aa5-28564808c82f_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash e31aaed3afaa86bee871da3bff92ec8a 7cd0c181d0bba3ce0804e699e392d2a58748df22 bb9a3ea9ddddaab53cbfe10276c2708319929e4eb269d603ed12d5107fb0fe4f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/17/6019d544-4e2a-498c-9aa5-28564808c82f_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642c90-6c4"
last-modified: Thu, 19 Dec 2024 14:24:16 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 289212
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb54db592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/292.png@avif | 154.197.121.128 | 200 OK | 6.4 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/292.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash c1e973fbc654ad61e932583fd4fb4566 4c09f0530608974b62ded6d76c3d6a4e89e89896 1b58689a16efc8f7ccec23e4272eaa15cb2579247e0422bec8b42c04b25224ce
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/292.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 6368
cache-control: public, max-age=31536000
content-disposition: inline; filename="292.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3YWM1MTBkLTI3M2ZhIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: tXsMCfozgPj79tT43ie9E
cf-cache-status: HIT
age: 997545
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb89ed292f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/FsZcD_ItT6cZfWL2?5841e00f7af11834=RTTBdNDKivAAawTETHDhfxb80DQOtL5U_VpCiUbIho1wz1JsjyD0ZfdEJcZCmHNw7vmD9tehHXWMRkxAKXZZBl4_KCnslbgUsukMNqzDwYiZjPw8fZTEUZPhNO0ohma67tjgYCdK0GHgjP1pVknGI1zucn_xFKM3tt-a_zs | 91.235.132.77 | 200 OK | 81 B |
URL GET res.1wcommon.com/FsZcD_ItT6cZfWL2?5841e00f7af11834=RTTBdNDKivAAawTETHDhfxb80DQOtL5U_VpCiUbIho1wz1JsjyD0ZfdEJcZCmHNw7vmD9tehHXWMRkxAKXZZBl4_KCnslbgUsukMNqzDwYiZjPw8fZTEUZPhNO0ohma67tjgYCdK0GHgjP1pVknGI1zucn_xFKM3tt-a_zs IP 91.235.132.77:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced Hash 1b6d2de2867a3e11063ba25aa1cd4209 bd20b0e089f31f35cba4d0fa7277e73aa74d944c 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /FsZcD_ItT6cZfWL2?5841e00f7af11834=RTTBdNDKivAAawTETHDhfxb80DQOtL5U_VpCiUbIho1wz1JsjyD0ZfdEJcZCmHNw7vmD9tehHXWMRkxAKXZZBl4_KCnslbgUsukMNqzDwYiZjPw8fZTEUZPhNO0ohma67tjgYCdK0GHgjP1pVknGI1zucn_xFKM3tt-a_zs HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:25 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| res.1wcommon.com/8caPTk3me7vOpTSQ?63e7d9c1dd015527=q3of5nTtONcHOEG7QyYrRv19C16GbyGR3h5rxWT9LvgslzqVQEyq3MobQ4PKDBkO0I8TEsyAZNO_v9dQv9mZ6YjOxENxsFRCWeG_RcUpZyTqvTEH7YBTVCS_RDGq-sBG3SYTKEoAq8H5scuat09DrInyiit5bCrCqjmcri7eo7GbPvYEAJS6_3HHD27WIZwUzn2oXj3sP8Xa9W-j&jb=31392426687b6d77354e696c77702668716d3544616e75702668736235446b7265666d7a27323231313c | 91.235.132.77 | 200 OK | 411 kB |
URL GET res.1wcommon.com/8caPTk3me7vOpTSQ?63e7d9c1dd015527=q3of5nTtONcHOEG7QyYrRv19C16GbyGR3h5rxWT9LvgslzqVQEyq3MobQ4PKDBkO0I8TEsyAZNO_v9dQv9mZ6YjOxENxsFRCWeG_RcUpZyTqvTEH7YBTVCS_RDGq-sBG3SYTKEoAq8H5scuat09DrInyiit5bCrCqjmcri7eo7GbPvYEAJS6_3HHD27WIZwUzn2oXj3sP8Xa9W-j&jb=31392426687b6d77354e696c77702668716d3544616e75702668736235446b7265666d7a27323231313c IP 91.235.132.77:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (17216) Size 411 kB (411163 bytes) Hash 290413fe29fcba337d6daa1e3a78b774 67f90d23fc23468671b32eceae7b5866a29d2ba2 ea9c542e3623e227376415e2c8504850d15a2c7701ceab0a7bae535e68506eca
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /8caPTk3me7vOpTSQ?63e7d9c1dd015527=q3of5nTtONcHOEG7QyYrRv19C16GbyGR3h5rxWT9LvgslzqVQEyq3MobQ4PKDBkO0I8TEsyAZNO_v9dQv9mZ6YjOxENxsFRCWeG_RcUpZyTqvTEH7YBTVCS_RDGq-sBG3SYTKEoAq8H5scuat09DrInyiit5bCrCqjmcri7eo7GbPvYEAJS6_3HHD27WIZwUzn2oXj3sP8Xa9W-j&jb=31392426687b6d77354e696c77702668716d3544616e75702668736235446b7265666d7a27323231313c HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:25 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 91d3820e94ac05e0
X-Robots-Tag: noindex, nofollow
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_BetSoft/a4adbabe-d868-4119-9c04-8e313c521858_0.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_BetSoft/a4adbabe-d868-4119-9c04-8e313c521858_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 2acd9a4b0ad2cc9cadcc4d3a15821df6 d5e8fed315846b72a5d11d4529a132ea679af8b3 2629bc7a17e5af0cd50c110ae3f948b6c5501a5675365fadf7086b657bf9c2f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_BetSoft/a4adbabe-d868-4119-9c04-8e313c521858_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed20a5-79a"
last-modified: Wed, 02 Apr 2025 11:33:57 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5667815
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf1b8892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Lucky%20Streak/4324ba23-ecd6-44a3-a08b-4187dbfc0fd9_0.png | 154.197.121.128 | 200 OK | 20 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Lucky%20Streak/4324ba23-ecd6-44a3-a08b-4187dbfc0fd9_0.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type PNG image data, 1040 x 686, 8-bit colormap, non-interlaced Hash c0c744f7c36cd8d52f75559a0da893b3 11e7fbcb46bd5fddd3e6eb9ac63106f23a3148cf 8a475db8531da60394aa881403bc24cd8e900c6489507d0d4db54bf85efa1c58
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Lucky%20Streak/4324ba23-ecd6-44a3-a08b-4187dbfc0fd9_0.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 20159
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=41905
etag: "67efe361-a3b1"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Fri, 04 Apr 2025 13:49:21 GMT
x-cache-status: MISS
cf-cache-status: HIT
age: 2144289
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb12c3392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/100hp%20gaming.8352a77d8.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET v1.bundlecdn.com/img/100hp%20gaming.8352a77d8.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash f3ccf531b6e4bdda509ab58342186924 3474930aa1c128202a9ff17d1d4141cfb9d4206d dd37b79a4849eb26ff9cc1fea1617b7d0729e9668c53a9e2c9b053cc615e2576
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/100hp%20gaming.8352a77d8.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-935"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4406
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8facfad992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif | 154.197.121.128 | 200 OK | 7.5 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 0f1de85c92c2f52d45d2b0178e889a95 781e597cfda51b7ff63d00d2c7365d6a7051a294 ee9143069b2ff6b331b830cf850abae2edeccc2ea4a7f3c67ad25319b3364607
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 7499
cache-control: public, max-age=31536000
content-disposition: inline; filename="ddab8f2c-09e4-4501-8d94-fa786cd3fc2d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjBkZGQ4LTJhM2VmIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 3LBc8PEOmpIZ1MImPtbcd
cf-cache-status: HIT
age: 1742078
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8292f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/80372.2b9a732dd.js | 154.197.121.128 | 200 OK | 636 B |
URL GET v1.bundlecdn.com/js/80372.2b9a732dd.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (636), with no line terminators Hash: 3fde8203fa923b83449a981209fb76c9 dbdc16c7fd06a0375baae361bf3cddeb56d141a6 3597e2562e16dcd0ad8fd48bd393d754ea1206023de582d5d92e0b1dcc1cf253
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/80372.2b9a732dd.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-27c"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4683b92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_AGT/81aec389-bff5-403d-bb30-10de18c20a1a_0.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_AGT/81aec389-bff5-403d-bb30-10de18c20a1a_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: fbea555573376e17f426b0f3e6dd98a9 b895355376d613970c3d58be2693c033814a8b91 afc573e6593e8bed719e783fca7b0cec1ec55c0be4205ca5bb644187efd26d4d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_AGT/81aec389-bff5-403d-bb30-10de18c20a1a_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2848-5e0"
last-modified: Wed, 02 Apr 2025 12:06:32 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4849534
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad9b1d92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | 200 OK | 33 kB |
URL GET v1.bundlecdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0 Hash: de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-8128"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f950af4be44-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1w-jp-ftend-pp.top/common/banners/allv4?localeId=1&lang=en&tzOffset=0 | 186.2.162.102 | 200 OK | 33 kB |
URL GET 1w-jp-ftend-pp.top/common/banners/allv4?localeId=1&lang=en&tzOffset=0 IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Let's Encrypt Subject: 1w-jp-ftend-pp.top Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type: Unicode text, UTF-8 text, with very long lines (31741), with no line terminators Hash: ff709f02d90a05a0d89b49983a6de097 1b1160b41c21d91e95eb0f267b11d74675cabd57 7729c80fd8760d91c25da9a2b2a017413849e0da137c2f776a845c5abb2f17a0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/banners/allv4?localeId=1&lang=en&tzOffset=0 HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Origin: 1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=tamrv30qvnn0f2Hd; __ddg10_=1749261680; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=f6NyB86jEHcxT8H1; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
__ddg10_=1749261680; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"a763-ayXKuRyznvwpekYnL5C3zoaNkpg"
vary: Accept-Encoding, Origin
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Fazi/f42a1101-a4fa-40b1-982d-809d405c91be_0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Fazi/f42a1101-a4fa-40b1-982d-809d405c91be_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: e68d44141cc3d25fdf3a177bf44782bb 99f1b4dae279e9358e4e8f030296fb19165f3dd2 d450c9edc8a41204dd9a2abfe7d9fc09142bd511b95d85e6e165030751fe700c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Fazi/f42a1101-a4fa-40b1-982d-809d405c91be_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2491-416"
last-modified: Wed, 02 Apr 2025 11:50:41 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664974
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafbbc792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Mascot%20Gaming/aab5066e-b1a1-4a61-8aaf-b06574af34bb_0.png | 154.197.121.128 | 200 OK | 5.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Mascot%20Gaming/aab5066e-b1a1-4a61-8aaf-b06574af34bb_0.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 350 x 312, 8-bit colormap, non-interlaced Hash: 0c7ac072069402b15343b8ac7d637d25 66c8f6eeabf4952e7886448ff661f8e096028542 325cbf9a62941104878fad2c5b007cbfa603af83c339350099de0b4633c2e910
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Mascot%20Gaming/aab5066e-b1a1-4a61-8aaf-b06574af34bb_0.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 5403
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=11546
etag: "67ed368e-2d1a"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Wed, 02 Apr 2025 13:07:26 GMT
x-cache-status: HIT
cf-cache-status: HIT
age: 2242031
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb12c3692f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/home-poker-banner-bg.a77f0d650-600.webp | 154.197.121.128 | 200 OK | 12 kB |
URL GET v1.bundlecdn.com/img/home-poker-banner-bg.a77f0d650-600.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: RIFF (little-endian) data, Web/P image Hash: 45df6c11399190f031e9db37f9f4e785 a8a641e38f707a584b72a5ad5c010e7bbcd7920c 121521ac13372efb3f1ab4c324432d8660fbea196e96df7916ce7457699705a3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.a77f0d650-600.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/webp
content-length: 12264
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: "68430b2e-2fe8"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa849a192f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/uefa.093dd4fef.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/img/uefa.093dd4fef.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 95fe3247e059ae471de18dbe8fcc72db ac51ff399d46d882b7da6148d8453779aa7fa9ef a1f1ea7dda21e168e0851c1feb4f3c5ecca6cba80bed227a20a850033499207b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/uefa.093dd4fef.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-782"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fab9a5c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/font/SFNSText-latin-ext.7b2e9f978.woff2 | 154.197.121.128 | 200 OK | 66 kB |
URL GET v1.bundlecdn.com/font/SFNSText-latin-ext.7b2e9f978.woff2 IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: Web Open Font Format (Version 2), TrueType, length 66380, version 1.0 Hash: 596f2ad6f5c9fb3a33ac4de1e6bf0f94 c62868912f7734be8d11557afb4a097639b3056d 81031d43b18adffe1f1b35bf4478f743740e8a36c5fde38ffccad79fcb479c30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin-ext.7b2e9f978.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://v1.bundlecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: application/octet-stream
content-length: 66380
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-1034c"
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5bdec92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 | 142.250.178.104 | 200 OK | 345 kB |
URL GET www.googletagmanager.com/gtag/js?id=AW-16482547739&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 IP 142.250.178.104:443
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: *.google-analytics.com Fingerprint: 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 Validity: Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type: JavaScript source, ASCII text, with very long lines (5359) Size: 345 kB (345362 bytes) Hash: cb8565544c8e96ad72a2120f0df82972 9b672d0a0909ca004966c69e93b00c5c2c6e34cf 84aa3331e5859a18d72d4c831118c0c616e8d10f86ac4258a8090212bb55fceb
GET /gtag/js?id=AW-16482547739&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 02:01:24 GMT
expires: Sat, 07 Jun 2025 02:01:24 GMT
cache-control: private, max-age=900
last-modified: Sat, 07 Jun 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 118163
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_PG%20SOFT/60330c8f-8e27-4359-a22e-bab209dcfe11_0.svg | 154.197.121.128 | 200 OK | 831 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_PG%20SOFT/60330c8f-8e27-4359-a22e-bab209dcfe11_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: ce5aa850e55d03b19ad89305547baafc 4271459eac2bff8554aaa3ecfc6ca45598da20fc 21f7f3038864969860abb1c53bac286bb065f0ca61e70acc88576a30d61c140f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_PG%20SOFT/60330c8f-8e27-4359-a22e-bab209dcfe11_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e9f-33f"
last-modified: Wed, 02 Apr 2025 12:33:35 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb19c6892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210204/2a438aaa-cc97-4ee5-9f19-032b3b8d6319.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210204/2a438aaa-cc97-4ee5-9f19-032b3b8d6319.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210204/2a438aaa-cc97-4ee5-9f19-032b3b8d6319.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"6828939a-d8c"
last-modified: Sat, 17 May 2025 13:48:10 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 56478
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5add592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/fiba.4b405b699.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET v1.bundlecdn.com/img/fiba.4b405b699.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 7a971452f9ae445e506e4b83cabc6bea 9b8824ee2755c4bc481d423b8a72a0977db1a594 004bbca5dd3b9ff874a9c79d424e3ae62d43d7195bbe73b1ab5ef1b3631bbee6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fiba.4b405b699.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-4ce"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabba6692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/upgaming.f46450101.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET v1.bundlecdn.com/img/upgaming.f46450101.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: a9ca5eb0d54f37daf195fcf05481ef75 c8cbc94b3461512e5ae21070f19473aafe44dd43 2bfd8eba11465e340d416fcdc0ecc47c2d0df1a7f63b316b109254e90d8ec349
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.f46450101.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-8fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:23 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb28ce792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Yggdrasil/6f29615b-8812-42dd-9e75-090bc5ee047e_0.svg | 154.197.121.128 | 200 OK | 5.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Yggdrasil/6f29615b-8812-42dd-9e75-090bc5ee047e_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 6ec127ecaf09beb5a8a4028faadec571 b44380525f207bd2f8003e250b2bc565d37d1231 a838cd5c4c718aeae4f1bf463115fe6bd4f32b2d7d7fdedd2ccaf6f48871bf51
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Yggdrasil/6f29615b-8812-42dd-9e75-090bc5ee047e_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2236-166e"
last-modified: Wed, 02 Apr 2025 11:40:38 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666561
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb29cee92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg | 154.197.121.128 | 200 OK | 4.3 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 9ffc49f2a3e70581ccc585b411fba2bf d88b12944efb3ca65cae63fed1c73feee4ef8b40 da24a72c168ca7d8df33c67000312363bfb91eab919ebca8ad261ab26bf18200
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/5/f5034c16-290a-4d3d-a2f0-adeb2a9943a4_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642c47-109b"
last-modified: Thu, 19 Dec 2024 14:23:03 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252215
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dc792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=8291 | 216.239.34.36 | 204 No Content | 0 B |
URL POST region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=8291 IP 216.239.34.36:443
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: *.google-analytics.com Fingerprint: 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 Validity: Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=8291 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1w-jp-ftend-pp.top
date: Sat, 07 Jun 2025 02:01:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/85631.479db9c04.js | 154.197.121.128 | 200 OK | 389 kB |
URL GET v1.bundlecdn.com/js/85631.479db9c04.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 389 kB (388786 bytes) Hash a3fd8bd636988bd49ad78fb4a61d883f a06c9c52a600f1774130af1b3fb277578df052d7 7fda6d7d03d3e8901119f19783674b703b555b437adca8966d62e4c135f32b2e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/85631.479db9c04.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-5eeb2"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 36803
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9a2de592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/20026.b6b66356b.js | 154.197.121.128 | 200 OK | 531 B |
URL GET v1.bundlecdn.com/js/20026.b6b66356b.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (531), with no line terminators Hash 96624cc1d36c39aa05d99133af4fb0bd c7eb816005163dff269035d9076429740c05a389 d7457552ce0ad66015868f8237f61fc81351f1b4ac494af6c4c8c5ef8c3be12a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/20026.b6b66356b.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-213"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa5f8d292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Gaming%20Corps/e9a1fabc-1cda-4d79-80f5-f0752e342c0e_0.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Gaming%20Corps/e9a1fabc-1cda-4d79-80f5-f0752e342c0e_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash f93a4c48e60f625fcc971ac5c060c556 e15d92d8cbd38db29715790c36d5d10cd3b4de6b ba84b54ea03e8763dd63a6d5aeea561391b959ba882ec318d3b16e1904d7e857
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Gaming%20Corps/e9a1fabc-1cda-4d79-80f5-f0752e342c0e_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a24-53f"
last-modified: Wed, 02 Apr 2025 12:14:28 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafebde92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Thunderspin/d6dd9be7-86a4-4477-909d-b1f0f3f379ed_0.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Thunderspin/d6dd9be7-86a4-4477-909d-b1f0f3f379ed_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash a180a2d26c80b24843eb8d15615cfe93 7b1504abaab49109afd99fea0b90514223bae25f d293497106482b47ded159b63ddb3ee67b3bd5e7b5aff545b48d4f2898877aad
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Thunderspin/d6dd9be7-86a4-4477-909d-b1f0f3f379ed_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a47-9d9"
last-modified: Wed, 02 Apr 2025 12:15:03 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2011488
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb21cba92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_7777%20Gaming/f6ad346a-a998-4656-9eeb-6f7ea9c2f41e_0.svg | 154.197.121.128 | 200 OK | 922 B |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_7777%20Gaming/f6ad346a-a998-4656-9eeb-6f7ea9c2f41e_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 38059529c7df5b05d321754c2df47875 913ef63eef202158c39b6f05c488c179cef7cf04 82abca1f78fc7c2ca17bc60bbce17a2d65abffeb584b2b5db0b68a1f1c6cc3f6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_7777%20Gaming/f6ad346a-a998-4656-9eeb-6f7ea9c2f41e_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2410-39a"
last-modified: Wed, 02 Apr 2025 11:48:32 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664846
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad5b0092f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Big%20Time%20Gaming/d6383507-dc13-4fc0-983c-10a819b2a1d6_0.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Big%20Time%20Gaming/d6383507-dc13-4fc0-983c-10a819b2a1d6_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash a456ffb420d790c4914ca7494b10190e 20550f927b7483c0b9291db51a806239da52c7b7 4197cd1cd1ae31be1922509886c0940eac9e4c42e52b2f33eae795b3097fa335
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Big%20Time%20Gaming/d6383507-dc13-4fc0-983c-10a819b2a1d6_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2b00-16cc"
last-modified: Wed, 02 Apr 2025 12:18:08 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf5b9d92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_NetEnt/0a0c1d63-65c2-4aac-b95c-508ad7c39da0_0.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_NetEnt/0a0c1d63-65c2-4aac-b95c-508ad7c39da0_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 6a63488e230905d2fbc6f017ad9630fe 04d3f857b7f8b102c69bcc34dc7744c2cf9479fe 921db6d951871a4f99f38a46d63e4c66ccb439fdbc8adb094faa6c1b1fed240a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_NetEnt/0a0c1d63-65c2-4aac-b95c-508ad7c39da0_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2095-573"
last-modified: Wed, 02 Apr 2025 11:33:41 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5666566
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb17c5392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Winfinity/5222c1ba-481f-4784-90a7-ccfe9d57f6a5_0.svg | 154.197.121.128 | 200 OK | 6.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Winfinity/5222c1ba-481f-4784-90a7-ccfe9d57f6a5_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 987b9bea3216d15565068429c39dfc6c 029c0c8d5d303aa8045969eb5436e0095c4790b8 f87aad1ea525764d17ea711b9a1edf8558b78a14e5d8e2431c7e104b9cce6909
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Winfinity/5222c1ba-481f-4784-90a7-ccfe9d57f6a5_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed3b0b-19cd"
last-modified: Wed, 02 Apr 2025 13:26:35 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5660015
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb29cec92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_wm_WorldMatch/0d0955d0-3d70-4850-afa5-4cb2bedb8419_0.svg | 154.197.121.128 | 200 OK | 783 B |
URL GET v1.bundlecdn.com/casino-images/prov_wm_WorldMatch/0d0955d0-3d70-4850-afa5-4cb2bedb8419_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash d19079511750ef4a285b506e190e1c27 8b16cae4992b858ed7cb6927d3e66f70b14f7bdb 5a48deddbe592b45a7097ce37078c6c0544f5eda56c56c146837951d697cedd9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_wm_WorldMatch/0d0955d0-3d70-4850-afa5-4cb2bedb8419_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2ac7-30f"
last-modified: Wed, 02 Apr 2025 12:17:11 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2040205
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb29ced92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/338/b9391c3b-f5c7-4750-a2c5-f46b03cb4874_horizontal.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/338/b9391c3b-f5c7-4750-a2c5-f46b03cb4874_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/338/b9391c3b-f5c7-4750-a2c5-f46b03cb4874_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642e17-d8c"
last-modified: Thu, 19 Dec 2024 14:30:47 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 8236027
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dcb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/18860.bf1e147fc.js | 154.197.121.128 | 200 OK | 28 kB |
URL GET v1.bundlecdn.com/js/18860.bf1e147fc.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (28518), with no line terminators Hash 4605a2d29b53042b0c8f928be1452c17 ed32eb7c53f7941783e5bd4123f771e2bbf7d3e7 41643d32f70b8f9b41e7210f32774691374cfcbc9ade897ac598939bf16b88f7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/18860.bf1e147fc.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-6f66"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613346
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9a0ddc92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/61505.8f0b047d5.js | 154.197.121.128 | 200 OK | 994 B |
URL GET v1.bundlecdn.com/js/61505.8f0b047d5.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (994), with no line terminators Hash 5b5d05007698ed5cb734994b44a5bb58 7d0782719468a058a5514ee405140f4995bc45ce b0016d253792d67545f2eacb675b12fb052a8fdac176b044b703944dfcc9ca44
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/61505.8f0b047d5.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-3e2"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613296
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa5f8d692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/v3ibi4YGFi2AxGgL7FnM81C5AJz29AKFWUyywmibh9F3iLUjIR4P7u995ggcUg8_8LycGVlXqEpGZhXDWQIgJL8CQ_WBFd_CixsC.jpg@avif | 154.197.121.128 | 200 OK | 50 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/v3ibi4YGFi2AxGgL7FnM81C5AJz29AKFWUyywmibh9F3iLUjIR4P7u995ggcUg8_8LycGVlXqEpGZhXDWQIgJL8CQ_WBFd_CixsC.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 7fbf54f42171234faf77762118d4dc24 01b6c1c71b4d0820ea3f9a99bac5b4d8d7ff9ac8 c4116bc935c5d99a799020e38b55d93350b7898b351169244645e36fec38cc49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/v3ibi4YGFi2AxGgL7FnM81C5AJz29AKFWUyywmibh9F3iLUjIR4P7u995ggcUg8_8LycGVlXqEpGZhXDWQIgJL8CQ_WBFd_CixsC.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/avif
content-length: 50094
cache-control: public, max-age=31536000
content-disposition: inline; filename="v3ibi4YGFi2AxGgL7FnM81C5AJz29AKFWUyywmibh9F3iLUjIR4P7u995ggcUg8_8LycGVlXqEpGZhXDWQIgJL8CQ_WBFd_CixsC.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjVkYmQ5OTE2MmE0MDQ1OGNiNTlkNTFmYzc0ZWJhYTk5Ig"
expires: Sun, 07 Jun 2026 02:01:21 GMT
x-request-id: 8VtM1ekhAHKCJNfkujaHV
cf-cache-status: HIT
age: 1247995
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa8399992f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Playson/29f18673-bb72-49db-87fd-36cdebcfce2a_0.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Playson/29f18673-bb72-49db-87fd-36cdebcfce2a_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 0906b6102de9218b3436d7cbdefd9daa 0f167c95454930fc791503e8a6679d0c705925b8 1446b73b10949107cb35d11930f6ea626fb004d4a94e18be306b699e20beb230
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Playson/29f18673-bb72-49db-87fd-36cdebcfce2a_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2085-5a4"
last-modified: Wed, 02 Apr 2025 11:33:25 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5666854
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1bc8292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/ed?en=fe_bundle_loaded&pgi=ed | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/ed?en=fe_bundle_loaded&pgi=ed IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /ed?en=fe_bundle_loaded&pgi=ed HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 451
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Cookie: __ddg8_=Hkr46mXAItQSjTSh; __ddg10_=1749261678; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=HaikxEFyvudnBesn; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
__ddg10_=1749261679; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
date: Sat, 07 Jun 2025 02:01:19 GMT
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp | 154.197.121.128 | 200 OK | 430 kB |
URL GET v1.bundlecdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type RIFF (little-endian) data, Web/P image Size 430 kB (429680 bytes) Hash abaa6833958bdc5427e6fa573cbfa70a d43989916cc382e4e3d983933d9cd52a7d1dbeb2 51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/webp
content-length: 429680
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-68e70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7896992f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210165/267cc75c-f615-41f3-9309-c51fc7830d6a.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210165/267cc75c-f615-41f3-9309-c51fc7830d6a.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210165/267cc75c-f615-41f3-9309-c51fc7830d6a.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"6836c752-d8c"
last-modified: Wed, 28 May 2025 08:20:34 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 828857
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb59dd292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitxwayshoarder2dx1_xwayshoarder2dx1.png@avif | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitxwayshoarder2dx1_xwayshoarder2dx1.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 277c8285b82ef5f7ceb0b295d32a3a41 71039fc39ca049af88dd33a1c0bbd0c42c494d47 3d1a024000fe5bb5d75550bed44ab23b4d2156eafab2b799b5fe013352e4a6a8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitxwayshoarder2dx1_xwayshoarder2dx1.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4722
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_nolimitxwayshoarder2dx1_xwayshoarder2dx1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkNGFjLTc0YWMi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: F82l3kVIraqMilIXtKhO-
cf-cache-status: HIT
age: 688074
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee8e92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Igrosoft/98409bab-eead-4f9a-a601-f11ae4a28ae4_0.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Igrosoft/98409bab-eead-4f9a-a601-f11ae4a28ae4_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: b667e753cf494a6aa5ed4e9dfa91b069 b62c7ed5d35dd9b93b31beff11459492c571106b 85bda264695ce9f0003d1a96968dceea4f93fb6f07d5720de41c7df206eb9836
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Igrosoft/98409bab-eead-4f9a-a601-f11ae4a28ae4_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed20d8-2908"
last-modified: Wed, 02 Apr 2025 11:34:48 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5666765
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0dc1a92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: f8e76e0aeb22f18b3a6961baf031628f 8e87103c2b373ca2947f5bbefa11ce471201cf53 9278a96c6b8913ba12c2b211c5f99be5c37547827a3605ddc4bf2ad13fc9cb2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/19/4e334bfb-a20c-4f94-a07d-88ffd83412bb_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642cc5-875"
last-modified: Thu, 19 Dec 2024 14:25:09 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252215
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb56dc292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/89521.0b3c982d5.js | 154.197.121.128 | 200 OK | 575 B |
URL GET v1.bundlecdn.com/js/89521.0b3c982d5.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (575), with no line terminators | Hash: 1a0125c8ab12586024787e2620a6efb6 cc72b705d693ec840e0f329e2b7a22706991d77c fa2635f66da4ce2cdda06a244dad44d57ad95944ce082a1eede444f0d23c8c69
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/89521.0b3c982d5.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-23f"
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613300
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafcbcb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_1x2_Iron%20dog%20studios/dc2ee0dc-e157-44db-8512-91138d95ede7_0.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET v1.bundlecdn.com/casino-images/prov_1x2_Iron%20dog%20studios/dc2ee0dc-e157-44db-8512-91138d95ede7_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: fc3c871943d1e576b537012e5b66dcf7 0ee967d53f59459d2c3ff2233d3e3d81a4dbcd31 29c5b7fe553941a1b18d77aa374568a63521dbbbf4216d32333d5ee572200bfd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_1x2_Iron%20dog%20studios/dc2ee0dc-e157-44db-8512-91138d95ede7_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2335-3aa8"
last-modified: Wed, 02 Apr 2025 11:44:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1525284
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0dc1c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg | 154.197.121.128 | 200 OK | 872 B |
URL GET v1.bundlecdn.com/casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 0263e6f957b74336c3af8595b72780dd ef63bcb517287e6dcb8628166ec24a27ef4a8234 e411ecb7eaa4323492f11d55ad0af54d6ffc219784f885192b33a0b8a5d9ba48
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/3/d4ef7daf-259b-41db-9c4c-c1bd56bd725d_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642c5b-368"
last-modified: Thu, 19 Dec 2024 14:23:23 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 6239173
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dca92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabgunslovetherapy_gunslovetherapy.png@avif | 154.197.121.128 | 200 OK | 4.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabgunslovetherapy_gunslovetherapy.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 96c6458174d36cc822e59723f443d1ce 29533097d36c90593a3ad784622a70449a86c023 336276f3b8a0c921cb0d67e8698a207650bb88005d1885b1e7c13c59bcfd9d49
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabgunslovetherapy_gunslovetherapy.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4311
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_truelabgunslovetherapy_gunslovetherapy.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVlNDEyLTdkMDEi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 6RHHlOYCwZBlUvxJcvPl_
cf-cache-status: HIT
age: 688073
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8992f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/fifa.604717ea7.svg | 154.197.121.128 | 200 OK | 924 B |
URL GET v1.bundlecdn.com/img/fifa.604717ea7.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: e649390c51eab376f47830e5711ebe91 80679331cec6865f66ce4a733606c558ac9f76a3 13aa38340bc69c9eb4b36a9e2d6d36010a19e63f17d434ddc93cd799cefe115f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fifa.604717ea7.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-39c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabea7792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_1spin4win/b4e1e902-2e4d-4d6c-bbff-d45d4acc3769_0.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_1spin4win/b4e1e902-2e4d-4d6c-bbff-d45d4acc3769_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 0bb499b9d12513248a26c8193e77095b 52fefeb4bbe4425875f845fe3ed353c41d2bb207 b07670917e352501aa4406e36a20421818e425caab0c510d80a29a59a1bdf96d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_1spin4win/b4e1e902-2e4d-4d6c-bbff-d45d4acc3769_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2f10-52a"
last-modified: Wed, 02 Apr 2025 12:35:28 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662741
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8facfada92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Gamzix/6945f142-9c2e-4740-b376-e10f114d3003_0.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Gamzix/6945f142-9c2e-4740-b376-e10f114d3003_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 9687325c642720dcc38ca11bf61af3a2 538c295a923ad6441a4e62f1a5460d2edacfddad d30aa5f0c2c25fd34c24a4028161c22ed97e0dc988e5cc4f6b19d38e45c121a0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Gamzix/6945f142-9c2e-4740-b376-e10f114d3003_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2d13-f9a"
last-modified: Wed, 02 Apr 2025 12:26:59 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5663743
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb00bea92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Nucleus%20Gaming/5dd1a8bb-29a4-4d9f-a1ac-1252d8369b23_0.svg | 154.197.121.128 | 200 OK | 7.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Nucleus%20Gaming/5dd1a8bb-29a4-4d9f-a1ac-1252d8369b23_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: e357caf18b9bf8c912057e752473d2bb 90783e39a88a9412a5733602a6abe23d3b85fc6e 1e143612f66bbcdde6edc931d9fc1b0a8ab09e40b626b8a64fca72409f6a8bb9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Nucleus%20Gaming/5dd1a8bb-29a4-4d9f-a1ac-1252d8369b23_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f3d-1ea4"
last-modified: Wed, 02 Apr 2025 12:36:13 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 1464
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb18c5e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Smartsoft/671e1799-3fbb-4420-8efc-f012df5a7cc4_0.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Smartsoft/671e1799-3fbb-4420-8efc-f012df5a7cc4_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 069559fa16778231ed29164fd9556d5b 3031ac4fc629e8b30eb13397adad7c13c6e6db97 00cd7041cff3e57943b9bf7ebd1d523ecb5687b6244cab99c6cc09ff1bc4086e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Smartsoft/671e1799-3fbb-4420-8efc-f012df5a7cc4_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e4e-1375"
last-modified: Wed, 02 Apr 2025 12:32:14 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2665107
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cad92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/index.65f8058b0.js | 154.197.121.128 | 200 OK | 294 kB |
URL GET v1.bundlecdn.com/js/index.65f8058b0.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators | Size: 294 kB (294049 bytes) | Hash: 563fd95ac978f68a52b38fe2be267b3e f335b0b73e710a523681ba902588b94c1313cbd7 032d21f0e9550f9bcc3b1e8f3ae23e2c7ba7206afccb99f5b2579f99ea151614
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/index.65f8058b0.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-47ca1"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1736
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f950a632533-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20250507-timer7/headerLink.png | 108.156.24.169 | 200 OK | 3.4 kB |
URL GET d16q5vvir3f28d.cloudfront.net/raffle-20250507-timer7/headerLink.png IP 108.156.24.169:443
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Amazon | Subject: *.cloudfront.net | Fingerprint: 8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72 | Validity: Mon, 05 May 2025 00:00:00 GMT - Thu, 23 Apr 2026 23:59:59 GMT
File type: PNG image data, 124 x 49, 8-bit colormap, non-interlaced | Hash: e7af4486cc5c98918b4c7119a100982c 335db647fa8999581a1b102d08a0d124e7e0a944 2d073dce0e7fb0a6fafab66eb1218c3f8174e970fcbeb1cc30ac7cf7feed129f
GET /raffle-20250507-timer7/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3382
last-modified: Tue, 27 May 2025 12:12:06 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 06 Jun 2025 18:40:39 GMT
etag: "e7af4486cc5c98918b4c7119a100982c"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 c5986ba12cee41e584b5d9b9a9b15446.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: _HqUlz_-n-jFCHJ62I0vd_kgPRFSV8GfI_cg2kymdSlfFhErVR-zOg==
age: 26444
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/48166.f12fc1a11.js | 154.197.121.128 | 200 OK | 60 kB |
URL GET v1.bundlecdn.com/js/48166.f12fc1a11.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (59636), with no line terminators | Hash: ba86fcc7e0f3c67b440e0d445d4e42f5 1123343cecd59486509ca12acc3346a55e32b556 c56e1713d0d1a160d7fb8dc631592458bb572b2b81ca97a2d6e054aabf62ad96
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/48166.f12fc1a11.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-e8f5"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 40968
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2cfd592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/casino-mentor.f6b6387ac-172.png | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/img/casino-mentor.f6b6387ac-172.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 172 x 50, 8-bit colormap, non-interlaced | Hash: 3ec6ec7d9016e953c300249c2af5704f e7b2ec568a2118a744cdd1fabe6fa8959c637532 135d5b6cdac55c8f3598b1d5d04bcf737608501709df2567d270fd30ba02b25a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/casino-mentor.f6b6387ac-172.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/png
content-length: 1857
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1976
etag: "68430b2e-7b8"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabea7e92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/73693.81c6168b2.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/js/73693.81c6168b2.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (1326), with no line terminators | Hash: 72741b042c6c24c0547a3027f7ddacfd 8f5e6f5fa5ce7ac6b240c9b057a10b0c3bc62dd5 7c6aa642c1b24c535f02261828ff58a074445cc80d7f23e9173f631eee6f9dd2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/73693.81c6168b2.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-52e"
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613300
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fac4abb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/betsolutions.5d0a153ca.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET v1.bundlecdn.com/img/betsolutions.5d0a153ca.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 8f8ddbc4a117c8e2c33b39e231dbf99c 67b133156b4aa1a4ef8e3125e34632a17d3e672f 7a027c5c201927f5cbcf962ae0e857a3e8ef44ef14b08c1f0746e1cea8bc709c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betsolutions.5d0a153ca.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-61d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:23 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf4b9492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_spinmatic_SPINMATIC/3bac6157-969b-4d5b-a0ad-67910d595062_0.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_spinmatic_SPINMATIC/3bac6157-969b-4d5b-a0ad-67910d595062_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 9097a591f5801f0a9298efa1743fbacf c3022b4bbb6c7c1335d44540bd2072a72199ee6b 3e5c7cfa71c447dd2218aee412e0b04277e3e3b11c7a4eeb24cde46c84234394
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_spinmatic_SPINMATIC/3bac6157-969b-4d5b-a0ad-67910d595062_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2729-73e"
last-modified: Wed, 02 Apr 2025 12:01:45 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 2690679
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cb192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/801.png@avif | 154.197.121.128 | 200 OK | 10 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/801.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 595ddeab339c367baa7987395f712f7f 4b17716abec2cc28689258b630a0d7c86e7cba4f f541aa433fa7612bfbdb985ac262a9ded62c60b5cad84fdb3221ddd8ef21e6d8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/801.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 10071
cache-control: public, max-age=31536000
content-disposition: inline; filename="801.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjBlNmYwLTI2ZTM5Ig"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 0xpoKnvnET4dbsj9UXsx7
cf-cache-status: HIT
age: 997545
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb85ec092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/desktop.bba5536be.js | 154.197.121.128 | 200 OK | 132 kB |
URL GET v1.bundlecdn.com/js/desktop.bba5536be.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 132 kB (131809 bytes) Hash cba0b1927d83c075c647dea03c6b5cd4 37ad783284fded030ced8559728cf0dbb27e94c5 f5cbc68bf306fa325c3446eb634b3b698e3d50e4d4088a3e37b5684613a6df5d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.bba5536be.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-202e1"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41701
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9a3de992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/39631.e7f6ddbc7.js | 154.197.121.128 | 200 OK | 8.4 kB |
URL GET v1.bundlecdn.com/js/39631.e7f6ddbc7.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (8359), with no line terminators Hash b72b6b3a22168108d77c676106891a3b 77cd051b1833b98ac93b483a8edb5fd3ccb9f8b1 7510973bcba9251b7115e7b0eeea4ee43f6795b796b69f012452066dfa29e316
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/39631.e7f6ddbc7.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-20a7"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41702
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2afca92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/144/24e35038-5b35-4928-993c-3a80b32136ea_horizontal.svg | 154.197.121.128 | 200 OK | 646 B |
URL GET v1.bundlecdn.com/casino-images/1/categories/144/24e35038-5b35-4928-993c-3a80b32136ea_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 9a1f09d5236aaf4472e990f0209c57be 1b5103609b3769ec4368389f78d7ba4f40479178 a1237efbf51a618ec782de771e559a6f84c4a4a4e7e8d1d42921f2b5b701c9d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/144/24e35038-5b35-4928-993c-3a80b32136ea_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67ee86d8-286"
last-modified: Thu, 03 Apr 2025 13:02:16 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5574189
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb58dcd92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimithighwaytohelldx2_highwaytohelldx2.png@avif | 154.197.121.128 | 200 OK | 4.9 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimithighwaytohelldx2_highwaytohelldx2.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 9198f8692551661c9118b67a54b02d02 88168ea3517bf04d841d6c452c9fddaf79eb4db6 f3b688c694b96efe7df6832c31eb20e30a89236092875751933193cf56de002e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimithighwaytohelldx2_highwaytohelldx2.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4896
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_nolimithighwaytohelldx2_highwaytohelldx2.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkNDZiLTdkYzYi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: VfSPNDFJNXGycLsfzC2bt
cf-cache-status: HIT
age: 688073
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee9392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/img/logo/main/1win-normal.svg | 186.2.162.102 | 200 OK | 2.5 kB |
URL GET 1w-jp-ftend-pp.top/img/logo/main/1win-normal.svg IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type SVG Scalable Vector Graphics image Hash 939fae16a92f03e3b581a6bd6ee6e138 40e3f11fee676ca2411af431bfb9bdf152c7c905 5704fb70783a0f90824b41cda3803f7fc987d02f9c4450d7f3839db249bd72c3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=FVB36ypd0IIeggw9; __ddg10_=1749261678; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Hkr46mXAItQSjTSh; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg10_=1749261678; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-9b0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: br
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/img/flags/en.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 265ca14ad6f2cdce0f69fe837714888f b944a918a1916d4fa9bd34eb75005516ea19efa8 458e6464f41e97599b5499b4d8fb90cfd3f2332a80a881fb1d16fcdca510c914
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4406
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4985292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL GET v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2 IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type Web Open Font Format (Version 2), TrueType, length 43512, version 1.0 Hash 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-a9f8"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f94badcbe44-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 9bb335f567a0950a815e9f55e367da09 9333169f35f69b11d7a9007cac62c0995d849106 2e39f36f128622043de0f7f2ec9097d13c90307bf3407392eb4a6bb1d7625b27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/233/26fc5eb8-15ea-488b-adca-285e9213f59e_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"676428d2-680"
last-modified: Thu, 19 Dec 2024 14:08:18 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb55dbc92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/img/icons/favicon-16x16-darkmode.png | 186.2.162.102 | 200 OK | 454 B |
URL GET 1w-jp-ftend-pp.top/img/icons/favicon-16x16-darkmode.png IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Hash d7f32a620b3977e7eee0415e7292983d 70504865814f06c2f17c2d2f13ba314d0eae4b06 db2e299337b92d3968704bbd633df325e01328181b6a469555cbc092b0002f6c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=HaikxEFyvudnBesn; __ddg10_=1749261679; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=q2nK6e0yZOOnO0iZ; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
__ddg10_=1749261679; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:19 GMT
date: Sat, 07 Jun 2025 02:01:20 GMT
content-type: image/png
content-length: 454
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: "68430b2e-1c6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/203.png@avif | 154.197.121.128 | 200 OK | 8.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/203.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash bb300678b98124e323bceb8f1dcae6b2 8d9597114e070bc3bc9284ed87a56f7fe2ef8fc3 7cad02940a0dc879a66c4842c293be2af9f4a3d30267049d4fba7fc92f3e9ac5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/203.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 8305
cache-control: public, max-age=31536000
content-disposition: inline; filename="203.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjBlNjk2LTljODAi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: kQBgy_da6JuCPi7BprSNr
cf-cache-status: HIT
age: 2117857
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb86ec592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Play'n%20GO/a6c3710e-c00c-4ace-8495-f32b8f93f3b3_0.svg | 154.197.121.128 | 200 OK | 4.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Play'n%20GO/a6c3710e-c00c-4ace-8495-f32b8f93f3b3_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash fffce6e9177d3ce8edee1acb45a7ee14 147b56beb84f691ec89872d58e2692fe9fead9ee 34e903d4be5b1b003368009bb062bddaceaf7d264224e75bd744d9324729b573
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Play'n%20GO/a6c3710e-c00c-4ace-8495-f32b8f93f3b3_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed1d32-1107"
last-modified: Wed, 02 Apr 2025 11:19:14 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 1465
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1ac6f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Relax/5fc29b37-acec-4a9f-a18a-9ae7342fb628_0.svg | 154.197.121.128 | 200 OK | 5.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Relax/5fc29b37-acec-4a9f-a18a-9ae7342fb628_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 1f6028b1f21c1f2966e2786eadcde322 1f39b043331c5bd09026419a00574993e106127c 6443bc47ed73469911fd7a2ddb8009b77a0fd2781d8b5faf8b65129c7a8e8a26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Relax/5fc29b37-acec-4a9f-a18a-9ae7342fb628_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed3826-139c"
last-modified: Wed, 02 Apr 2025 13:14:14 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 289951
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1ec9c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jac=1&je=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 | 91.235.132.77 | 200 OK | 0 B |
URL GET res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jac=1&je=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 IP 91.235.132.77:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jac=1&je=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 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=92
Connection: Keep-Alive
Content-Type: text/javascript
|
|
| v1.bundlecdn.com/img/sprite-tvbet@2.888adc8ee-256.webp | 154.197.121.128 | 200 OK | 354 kB |
URL GET v1.bundlecdn.com/img/sprite-tvbet@2.888adc8ee-256.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type RIFF (little-endian) data, Web/P image Size 354 kB (353842 bytes) Hash 8df817e5ef0af5dc8279d3f20cae9bc3 12c85bcc74a48053c92f3f75ce3c14e1a19e46d3 61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/webp
content-length: 353842
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-56632"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7595892f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_betgames_BetGames/e5d72714-bd3e-40d7-a022-5d33404f2303_0.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_betgames_BetGames/e5d72714-bd3e-40d7-a022-5d33404f2303_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 7fe3b995ef33c9aa37d40a01d2e21b12 1d9cfa2b5999ebd7d129787105973c32e4abcfa5 d09aef50aa19395b035289c30e57a85e8d84d790b1c830b3137e46ae70c22051
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_betgames_BetGames/e5d72714-bd3e-40d7-a022-5d33404f2303_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2bf4-98c"
last-modified: Wed, 02 Apr 2025 12:22:12 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 2628132
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf0b8692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210093/e3766598-f5f0-469c-a374-10b7272b22f9_horizontal.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210093/e3766598-f5f0-469c-a374-10b7272b22f9_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210093/e3766598-f5f0-469c-a374-10b7272b22f9_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67d2b111-d8c"
last-modified: Thu, 13 Mar 2025 10:18:57 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 7398332
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb59dd492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 838
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=ji79n4944wiM6W0E; __ddg10_=1749261688; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY5MDgxNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMiUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680; click_id=a6ddd5b3-e9db-402e-8792-053a060e33bb; core-sticky=a8a9ce735354173d; _gcl_au=1.1.813207091.1749261686; _ga_548949LWLW=GS2.1.s1749261686$o1$g0$t1749261690$j56$l0$h0; _ga=GA1.1.961746610.1749261686; _ga_0GFT8ZSQGY=GS2.1.s1749261686$o1$g0$t1749261690$j56$l0$h0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=XEIZHT5QNI9vzgQI; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:30 GMT
__ddg10_=1749261690; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:30 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:30 GMT
date: Sat, 07 Jun 2025 02:01:30 GMT
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&_s=4&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=slider_banner_view&tfd=17900 | 216.239.34.36 | 204 No Content | 0 B |
URL POST region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&_s=4&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=slider_banner_view&tfd=17900 IP 216.239.34.36:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&_s=4&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&en=slider_banner_view&tfd=17900 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1w-jp-ftend-pp.top
date: Sat, 07 Jun 2025 02:01:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1w-jp-ftend-pp.top/ed?en=fe_html_loaded&pgi=ed | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/ed?en=fe_html_loaded&pgi=ed IP 186.2.162.102:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerLet's Encrypt Subject1w-jp-ftend-pp.top FingerprintD8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D ValiditySun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /ed?en=fe_html_loaded&pgi=ed HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 449
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Cookie: __ddg8_=FVB36ypd0IIeggw9; __ddg10_=1749261678; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=QGSvbdX8QpgJIaEA; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg10_=1749261678; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
date: Sat, 07 Jun 2025 02:01:18 GMT
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Apparat/38cbca5c-b143-4381-a956-878427dc5ee5_0.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Apparat/38cbca5c-b143-4381-a956-878427dc5ee5_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash1fab8257b4123c38bd12004b795956b9 d0e94b73e52d32b7e34b5a22aad6bc9758f47c8f e5b73124ecd2665cb2e1629e33762383412a4c9def1d3b899e4ccb6f3af80fef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Apparat/38cbca5c-b143-4381-a956-878427dc5ee5_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2ed1-535"
last-modified: Wed, 02 Apr 2025 12:34:25 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662741
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faeab6992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210066/8aa90a4a-cb66-4ae2-8450-7cd9f266c57f_horizontal.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210066/8aa90a4a-cb66-4ae2-8450-7cd9f266c57f_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210066/8aa90a4a-cb66-4ae2-8450-7cd9f266c57f_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67c6edf2-d8c"
last-modified: Tue, 04 Mar 2025 12:11:30 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8168395
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5addd92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabmicropiratesthekrakenofthecaribbean_micropiratesthekrakenofthecaribbean.png@avif | 154.197.121.128 | 200 OK | 7.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabmicropiratesthekrakenofthecaribbean_micropiratesthekrakenofthecaribbean.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash4431882c3ddec090fab57c9aa6b6ba84 a9241b310c183270f2e1f0eb43174b8e82ec4fcf 530b1213736e06e463dcbb8039892a8c8769df449906e14a0ea89798da9d2300
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabmicropiratesthekrakenofthecaribbean_micropiratesthekrakenofthecaribbean.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 7237
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_truelabmicropiratesthekrakenofthecaribbean_micropiratesthekrakenofthecaribbean.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVlNDE5LTk4YjAi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: c47AKFM5cZnTm7RpUMYvY
cf-cache-status: HIT
age: 688073
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee8f92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/Vz-Kmv0gz8_hQd_S?efbc8fc5036cbe8f=ODoZk_O0M7QjJjxDphnx-NYaXFhbTC2bzeRuf0r6oVG4epnvu-QGuWxix4ckTBSdxGsUBhRzh31ufr-jq96_uVUOXgEg3-nWMmLgFlID9NtvH5IkrLKdL0UnaGMfsrdSH4BbZoI15uhxunPserrpdcUSnLYV507XuZ37MCb8nWNNDag7eANty91-Sehd-cvHN-Oi6y2htI8v465RXZo&je=303524266869613f3924626a71793d5959363e303a2c323e34375d5d | 91.235.132.77 | 204 204 | 0 B |
URL GET res.1wcommon.com/Vz-Kmv0gz8_hQd_S?efbc8fc5036cbe8f=ODoZk_O0M7QjJjxDphnx-NYaXFhbTC2bzeRuf0r6oVG4epnvu-QGuWxix4ckTBSdxGsUBhRzh31ufr-jq96_uVUOXgEg3-nWMmLgFlID9NtvH5IkrLKdL0UnaGMfsrdSH4BbZoI15uhxunPserrpdcUSnLYV507XuZ37MCb8nWNNDag7eANty91-Sehd-cvHN-Oi6y2htI8v465RXZo&je=303524266869613f3924626a71793d5959363e303a2c323e34375d5d IP 91.235.132.77:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerSectigo Limited Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Vz-Kmv0gz8_hQd_S?efbc8fc5036cbe8f=ODoZk_O0M7QjJjxDphnx-NYaXFhbTC2bzeRuf0r6oVG4epnvu-QGuWxix4ckTBSdxGsUBhRzh31ufr-jq96_uVUOXgEg3-nWMmLgFlID9NtvH5IkrLKdL0UnaGMfsrdSH4BbZoI15uhxunPserrpdcUSnLYV507XuZ37MCb8nWNNDag7eANty91-Sehd-cvHN-Oi6y2htI8v465RXZo&je=303524266869613f3924626a71793d5959363e303a2c323e34375d5d HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 204
Date: Sat, 07 Jun 2025 02:01:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=97
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Live88/bbb6f97d-528c-465b-82db-f25854b23cc6_0.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Live88/bbb6f97d-528c-465b-82db-f25854b23cc6_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashe25c1eacb346b696350c87dff1bcbc53 25d1ce4e1c2c60ba2b2ced16b188b6a94facf4b6 08ff8b493eb592abf3e652efe62d211c99a1354b2b405844b7b17f84cd838998
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Live88/bbb6f97d-528c-465b-82db-f25854b23cc6_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed26c4-7c2"
last-modified: Wed, 02 Apr 2025 12:00:04 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb10c2b92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_PopiPlay/80e3864d-7015-48ff-be73-a835e6f354b7_0.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_PopiPlay/80e3864d-7015-48ff-be73-a835e6f354b7_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash2a0bcb17159aa1342bd4372b5c6ed7e1 b5fea9115b64c2d8aff4e3cdc7193f44a96ff145 b3f9c149106e43cae8decf8524170d8ff761c8d0eeb804ddb498a3797a93cf7b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_PopiPlay/80e3864d-7015-48ff-be73-a835e6f354b7_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2fc5-554"
last-modified: Wed, 02 Apr 2025 12:38:29 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5660825
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1cc8892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_F*Bastards/03f64e3d-41cb-458e-84fd-bea21eac31ad_0.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_F*Bastards/03f64e3d-41cb-458e-84fd-bea21eac31ad_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash9f797413289cee9b3805519d72be03cd df07c22bbff708836a048adb3e346b63c2f9ccac 5ff92be48f14e4edc09801d6ae11a57b570e9202efc91d3de762def682490fde
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_F*Bastards/03f64e3d-41cb-458e-84fd-bea21eac31ad_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed29f8-3a66"
last-modified: Wed, 02 Apr 2025 12:13:44 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafbbc592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/qC7wBNsjPgphCxrp?aab362e69f78dd81=0Ua8XCYe5OMz3oyfPA4erDHhDA6jJlFFTM2CXFFSzylJDMZbfm9AzB2-UOEtlWsQYbHJ8_IfCM2sv43E0YwsxhcHPvuRzQkKDMcTG-yZcRcoRbEr7ZNyieVdTsqx1ved4Q0P2_IRknyNjzFioZBJTg&fr | 91.235.132.77 | 200 OK | 134 B |
URL GET res.1wcommon.com/qC7wBNsjPgphCxrp?aab362e69f78dd81=0Ua8XCYe5OMz3oyfPA4erDHhDA6jJlFFTM2CXFFSzylJDMZbfm9AzB2-UOEtlWsQYbHJ8_IfCM2sv43E0YwsxhcHPvuRzQkKDMcTG-yZcRcoRbEr7ZNyieVdTsqx1ved4Q0P2_IRknyNjzFioZBJTg&fr IP 91.235.132.77:443
Requested byhttps://res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8 CertificateIssuerSectigo Limited Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File typeASCII text, with no line terminators Hash5dd1488e9c6261438f3f66645681e3ed 9ff063715d3ae039d7d5d8d04e4209cdbf7ba047 a079b1791d47ba8e050136820f97283f6f693c8712b7b343d3ae3385f8ed5fb8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /qC7wBNsjPgphCxrp?aab362e69f78dd81=0Ua8XCYe5OMz3oyfPA4erDHhDA6jJlFFTM2CXFFSzylJDMZbfm9AzB2-UOEtlWsQYbHJ8_IfCM2sv43E0YwsxhcHPvuRzQkKDMcTG-yZcRcoRbEr7ZNyieVdTsqx1ved4Q0P2_IRknyNjzFioZBJTg&fr HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
|
|
| v1.bundlecdn.com/js/80523.eb6cb3165.js | 154.197.121.128 | 200 OK | 529 B |
URL GET v1.bundlecdn.com/js/80523.eb6cb3165.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, ASCII text, with very long lines (529), with no line terminators Hash5c5b34f65d063ec8567ab6dd10bc4b1f 800613146c536b9dd7440fe0f573cfa12a3a18d6 6cddf1e979e2a26a1fafe7f933926a48f65a1414c3e3fe814742a9f8bbdbd60f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/80523.eb6cb3165.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-211"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1609365
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa5f8d192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Amusnet/57b0a7c8-c68e-48f2-ac31-340bb34f1d74_0.svg | 154.197.121.128 | 200 OK | 871 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Amusnet/57b0a7c8-c68e-48f2-ac31-340bb34f1d74_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashe6b4f8044bc702750aa430266d0820fa a9853b8d91593e1721653f5418314a441148cf55 21326590945f18da33096d0b96912f9cb6f84401f77bf2d0471fea77c245cebc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Amusnet/57b0a7c8-c68e-48f2-ac31-340bb34f1d74_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2e20-367"
last-modified: Wed, 02 Apr 2025 12:31:28 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662743
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faeab6592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/9925.5c86904b3.js | 154.197.121.128 | 200 OK | 907 B |
URL GET v1.bundlecdn.com/js/9925.5c86904b3.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, ASCII text, with very long lines (907), with no line terminators Hash11df054c630827a64c3d0629d6eb029b 602cf721129039cc034a34dba3d23d5151e345c8 f310af28f35f83946a9c499e9aecb61ea251a7b9d61f922372658ebc54f95d8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/9925.5c86904b3.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-38b"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613299
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4784592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash2644fa31ed595bed0cb922c0c7539272 de9318bf140b0f2ea79f367170734ff434917747 8b139975393524fcf487dbb870a640733d99cfb4352c679c7449baf2ca2babcd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/bonus.8be9e8f98-362.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/avif
content-length: 5298
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus.8be9e8f98-362.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjY2YTM4MzhmLWMyMGQi"
x-request-id: fYqFVOXgRnehZo4EYv0_G
cf-cache-status: HIT
age: 27259422
expires: Sun, 07 Jun 2026 02:01:21 GMT
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa849a092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitsanquentin2dx1_sanquentin2dx1.png@avif | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitsanquentin2dx1_sanquentin2dx1.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hashea59a5d0f138a5ef130e71514b41209d 428daf3e5637fa67d4af506105d2195a9c2e25e9 fafd0dcbaa7cc259be49648a9b9eeabca13c4b8de3236536860fb0a543dcfa03
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitsanquentin2dx1_sanquentin2dx1.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 3509
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_nolimitsanquentin2dx1_sanquentin2dx1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkNDkzLTc4NjUi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: qHianjlmuCT1KwHdOUdWG
cf-cache-status: HIT
age: 688073
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee9192f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/betgames/c39a1a90-02f6-4bda-8a55-193aa8079764.png@avif | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/betgames/c39a1a90-02f6-4bda-8a55-193aa8079764.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hashd5ca0260423693092ff34a092b6d2155 faa350ba537904a779e9c62700069add7d044828 3c95ce5862d3d8293f500f674b859846837c32683a8f8a4ec5259c776a8b6f6c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/betgames/c39a1a90-02f6-4bda-8a55-193aa8079764.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5841
cache-control: public, max-age=31536000
content-disposition: inline; filename="c39a1a90-02f6-4bda-8a55-193aa8079764.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjBkZDQwLTc5YWUwIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: cnveMaAia6wlqj609NU2w
cf-cache-status: HIT
age: 1401528
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb87ecb92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/firebase/8.1.1/firebase-app.js | 186.2.162.102 | 200 OK | 20 kB |
URL GET 1w-jp-ftend-pp.top/firebase/8.1.1/firebase-app.js IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Let's Encrypt
Subject: 1w-jp-ftend-pp.top
Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D
Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type: JavaScript source, ASCII text, with very long lines (19927)
Hash: 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=tamrv30qvnn0f2Hd; __ddg10_=1749261680; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1; _ftv=1749261680
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=kBZ2I3IHwaL8GovF; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg10_=1749261681; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| 1w-jp-ftend-pp.top/threatmetrix/v5/fp-clientlib-v5.js | 186.2.162.102 | 200 OK | 3.7 kB |
URL GET 1w-jp-ftend-pp.top/threatmetrix/v5/fp-clientlib-v5.js IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Let's Encrypt
Subject: 1w-jp-ftend-pp.top
Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D
Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type: JavaScript source, ASCII text, with very long lines (803)
Hash: 8d7b42488d8e07f4c327a051f32bd7ba 135803741bb9f5795e79aa8126343dcfe56c3b7d 3c1d850e89fe08fa1120435a91f4a011d2bbb9e696549f2099b154724b20e399
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /threatmetrix/v5/fp-clientlib-v5.js HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=tamrv30qvnn0f2Hd; __ddg10_=1749261680; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=; 1w_locale=1; _ftv=1749261680
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=067ZHoGzbBA8oDUf; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg10_=1749261681; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-e7a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Merkur/692cb8fc-79e4-4066-837a-63e2256c985d_0.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Merkur/692cb8fc-79e4-4066-837a-63e2256c985d_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: a5264828e8e552f44675dc1a26a35885 cc72e8f9b4c182789822f1c259af4e098a1627c2 99c2f2f896c8f50f8fc9eb66691cb133943cf93e96192e057af533d4920d59af
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Merkur/692cb8fc-79e4-4066-837a-63e2256c985d_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed217c-12e2"
last-modified: Wed, 02 Apr 2025 11:37:32 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659565
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb13c3992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/5d49bc18-e99e-4f92-ab05-9ac5a8cebfb9_horizontal.png@avif | 154.197.121.128 | 200 OK | 5.9 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/5d49bc18-e99e-4f92-ab05-9ac5a8cebfb9_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: e87f96e642eb405ad3f21870ed9b5b73 131255b71398f9922f0a7e80ccf0733245ec6b05 ff6900ec5f5d1aecb64448e1425aea280d9aa7f7bcc0f5b8f87027dd84683258
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/5d49bc18-e99e-4f92-ab05-9ac5a8cebfb9_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5949
cache-control: public, max-age=31536000
content-disposition: inline; filename="5d49bc18-e99e-4f92-ab05-9ac5a8cebfb9_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjMxMGQ0LTNmNzYzIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: LJ1isDvVsC7cDUkYfGNkx
cf-cache-status: HIT
age: 2103485
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb83eae92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/tHxlNjOC53JFs-y4KeEvKiAZYR_OyerY_8dAMsI3f-yvsMCFnUp3hQ_FLoxUvpPNWiGwd4o5hcXQPr605Oi6eVLJM5vrMQn8p_3n.jpg@avif | 154.197.121.128 | 200 OK | 21 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/tHxlNjOC53JFs-y4KeEvKiAZYR_OyerY_8dAMsI3f-yvsMCFnUp3hQ_FLoxUvpPNWiGwd4o5hcXQPr605Oi6eVLJM5vrMQn8p_3n.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 3786e7c797e525e21e012211689f8c2d ef11bbb93ad8a736c40e6a4817ac48aab7d838f2 02f617c540e3323c8bb077f0be9c32cf8637186f4b4cddf1cb88d03303263710
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/tHxlNjOC53JFs-y4KeEvKiAZYR_OyerY_8dAMsI3f-yvsMCFnUp3hQ_FLoxUvpPNWiGwd4o5hcXQPr605Oi6eVLJM5vrMQn8p_3n.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/avif
content-length: 21323
cache-control: public, max-age=31536000
content-disposition: inline; filename="tHxlNjOC53JFs-y4KeEvKiAZYR_OyerY_8dAMsI3f-yvsMCFnUp3hQ_FLoxUvpPNWiGwd4o5hcXQPr605Oi6eVLJM5vrMQn8p_3n.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RImY4ZWM3MWIyZTJiZmM2Zjg2NWY0MWQ3ZDE3NTNhN2QyIg"
expires: Sun, 07 Jun 2026 02:01:21 GMT
x-request-id: a3MWmG1uh-XCbVxa8OEf8
cf-cache-status: HIT
age: 1246257
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa8299692f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/ufc.0ef6261ee.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/img/ufc.0ef6261ee.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 7f7a64221e8005568964b559ae63bd25 d5e5da3ba93ffa4e5f2e529b7a97d1955d468eff 874d06e3e6b0d8daf439a51c6230bf53adb81647ae49eb775f9278ab34b5c1f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ufc.0ef6261ee.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-527"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabaa5e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/9622.6f3f00045.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/js/9622.6f3f00045.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (1308), with no line terminators
Hash: 508b9a8aafc97ee21069f33709642bae 1bab31ed7b802050d6fd35fbd1c7e7790366914c 2a46a4a26d223ed1662773ef6aea1aa9973ec35af54dd7034f5389eb0d3937ae
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/9622.6f3f00045.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-51c"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1471
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4683792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL GET v1.bundlecdn.com/img/pwa_android_en.b229a444a-690.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced
Hash: 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 33278
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
etag: "68430b2d-9305"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 5566
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa849a392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Platipus/ae3831d9-1f1a-4285-a4c0-14dd56972bed_0.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Platipus/ae3831d9-1f1a-4285-a4c0-14dd56972bed_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 39a002058b8ccf5f3a72ecf74df4a333 1d4259043ceccd88a3b8967b809202b16a22b9ed ced6b42a03ab16322dd863cf9c4b5b1c1c42aae6a9b9a4ec48394d6cd43a8c8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Platipus/ae3831d9-1f1a-4285-a4c0-14dd56972bed_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed219e-7fe"
last-modified: Wed, 02 Apr 2025 11:38:06 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666775
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb19c6c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/1101.png@avif | 154.197.121.128 | 200 OK | 10 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/1101.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 996a49bf4527211120d512b0ae7f9436 7a89ce36ca91289285f18a935616cb07d14c185a 09302818e97c1aad3d9677b28366748f9eca409a49b98aeb405e867c41a21fb2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/1101.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 10337
cache-control: public, max-age=31536000
content-disposition: inline; filename="1101.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjBlNjhjLTI4MTk5Ig"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: eljOfFzzBmvl11HdNSnxg
cf-cache-status: HIT
age: 2184467
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb84eb892f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/css/desktop.c2d2a8bf7.css | 154.197.121.128 | 200 OK | 68 kB |
URL GET v1.bundlecdn.com/css/desktop.c2d2a8bf7.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 56ec6c5e560aa74a17dc9fbc641c2eb5 0f3167e938c33a6334bdb46d49f83b8ba4ba3160 f8d732372c0137599c11bb308f5ac04c873c0a9468493c9314a712546c06a506
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/desktop.c2d2a8bf7.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: text/css
last-modified: Thu, 05 Jun 2025 09:12:50 GMT
etag: W/"68415f92-10acd"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 144356
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f982d8792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/css/48166.b614ee07e.css | 154.197.121.128 | 200 OK | 47 kB |
URL GET v1.bundlecdn.com/css/48166.b614ee07e.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: ASCII text, with very long lines (46645)
Hash: 3ffa8359888a71cdc7f292a570edd0db 581e02e3a8379d2d50044a09a34cc21851005c9c ebce599e7b139872c24e8e651870178a32aed3b42426eff8ef254201216ca846
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/48166.b614ee07e.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: text/css
last-modified: Mon, 12 May 2025 10:14:48 GMT
etag: W/"6821ca18-b636"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2214011
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2cfd292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_CQ9/cfbc3631-0023-4b3d-8c5f-dc0d9e05d51d_0.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_CQ9/cfbc3631-0023-4b3d-8c5f-dc0d9e05d51d_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 8bec2a39123a4536deb57815ecde686b 543cb91eafd0eb75de6641979683e483ee352658 ca3ad8506b1b6a30485ffdb025b74571d161406f76f9d3850e188705d62fc9bc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_CQ9/cfbc3631-0023-4b3d-8c5f-dc0d9e05d51d_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2021-da0"
last-modified: Wed, 02 Apr 2025 11:31:45 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659566
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf9bb992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/fp/clear.png | 91.235.132.77 | 200 OK | 81 B |
URL GET res.1wcommon.com/fp/clear.png IP 91.235.132.77:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Sectigo Limited
Subject: res.1wcommon.com
Fingerprint: CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28
Validity: Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type: PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced
Hash: 1b6d2de2867a3e11063ba25aa1cd4209 bd20b0e089f31f35cba4d0fa7277e73aa74d944c 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fp/clear.png HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*, 3fb27s7b/91d3820e94ac05e0fa65c867-c5c2-4fcc-9954-5fe49c341eb3
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Sat, 07 Jun 2025 02:01:27 GMT
Expires: Thu, 06 Jun 2030 02:01:27 GMT
Etag: 16be717bfa15486abd323b204bc3a635
Cache-Control: private, must-revalidate, max-age=0
Access-Control-Allow-Origin: https://1w-jp-ftend-pp.top
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&ni=true&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=3&tfd=12882 | 216.239.34.36 | 204 No Content | 0 B |
URL POST region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&ni=true&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=3&tfd=12882 IP 216.239.34.36:443
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity: Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&ni=true&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=3&tfd=12882 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 247
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
access-control-allow-origin: https://1w-jp-ftend-pp.top
date: Sat, 07 Jun 2025 02:01:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v1.bundlecdn.com/js/93490.e7e2d1500.js | 154.197.121.128 | 200 OK | 956 B |
URL GET v1.bundlecdn.com/js/93490.e7e2d1500.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (956), with no line terminators
Hash: 6d463b259c78146e4d1d6a79ed4c4f4b 5a271b6861e45f2744680395a68602adada2bffc 2e84bda20ee0ea2dd530c919988877ef07f764f0e4b8b536034ce22f607c223f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/93490.e7e2d1500.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-3bc"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1525283
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6690592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/atp.e87cf2801.svg | 154.197.121.128 | 200 OK | 12 kB |
URL GET v1.bundlecdn.com/img/atp.e87cf2801.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/
Certificate Issuer: Google Trust Services
Subject: v1.bundlecdn.com
Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87
Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image
Hash: 3fc6d0c6036c51b4dfe66e116e849214 86ce1aaadafc27a3777f00411012d449f3ae9637 8f671c058e48d1614f577f5acae1f1c27c7ce6af1cc2bcebb8cdacc1280f5207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/atp.e87cf2801.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-2f1a"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabda6e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&ja=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&jb=333131266e793f4f6778696e6e692530443726382d323020576b6e646775712532304c5627323231322632273b402530325f696c34362d3b4a253238783434253b40273230727427314133333626322b2d303045676b6b6d27304e3a38313038313231253a3244697265646d7a253046333b362c38 | 91.235.132.77 | 204 204 | 0 B |
URL GET res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&ja=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&jb=333131266e793f4f6778696e6e692530443726382d323020576b6e646775712532304c5627323231322632273b402530325f696c34362d3b4a253238783434253b40273230727427314133333626322b2d303045676b6b6d27304e3a38313038313231253a3244697265646d7a253046333b362c38 IP 91.235.132.77:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&ja=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&jb=333131266e793f4f6778696e6e692530443726382d323020576b6e646775712532304c5627323231322632273b402530325f696c34362d3b4a253238783434253b40273230727427314133333626322b2d303045676b6b6d27304e3a38313038313231253a3244697265646d7a253046333b362c38 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 204
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=95
|
|
| v1.bundlecdn.com/img/bookmaker-rating-en.e5dcc84dd.svg | 154.197.121.128 | 200 OK | 19 kB |
URL GET v1.bundlecdn.com/img/bookmaker-rating-en.e5dcc84dd.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 6cc20c3ddeede7970b09582754e1fe3e 343b04db5d2d9bc03ccdbbe914c61b2a41245ba6 11419071480a1e574e8e7d0b7bcbd505c2e3f0506233b781cd4e1e3965e95816
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bookmaker-rating-en.e5dcc84dd.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-4ab4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4407
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabea7892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Turbo%20Games/be1001e2-f50f-421a-8566-985c87bc160e_0.svg | 154.197.121.128 | 200 OK | 961 B |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Turbo%20Games/be1001e2-f50f-421a-8566-985c87bc160e_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash d30f1c4e29e26dbd7cae00ccedfa6527 187182950ec91c757c44b8f652422c5165a86ac8 ef9a79fc95458d2ea956d16d4770deef9ba1443072ae3133470458788e34c8ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Turbo%20Games/be1001e2-f50f-421a-8566-985c87bc160e_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed287b-3c1"
last-modified: Wed, 02 Apr 2025 12:07:23 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665077
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb27ce392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_endorphina_Endorphina/e38d9b4a-4688-4b31-9d54-7c4624f6d37c_0.svg | 154.197.121.128 | 200 OK | 6.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_endorphina_Endorphina/e38d9b4a-4688-4b31-9d54-7c4624f6d37c_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 571a01537da38425e13fcea9410691e9 c2e7d1bcb19178e2cb22910869b109b6f49c849e d774540cba88572f8d6d6926ed0a6c1e6b765692399fc6e8b96cbb6c1b3216e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_endorphina_Endorphina/e38d9b4a-4688-4b31-9d54-7c4624f6d37c_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2ab4-18f0"
last-modified: Wed, 02 Apr 2025 12:16:52 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1998679
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf9bbb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Ezugi/a433a739-e269-43c1-92db-94b460d9501d_0.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Ezugi/a433a739-e269-43c1-92db-94b460d9501d_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 3ebd55deb88efcf86c76970003cba3ab b005808bf481d106ff9122b251d1b762a3c7de68 e6f034f354b0189fd3d4cea97051afbfdf3f05d715ccebdc024b57770113df07
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Ezugi/a433a739-e269-43c1-92db-94b460d9501d_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2042-725"
last-modified: Wed, 02 Apr 2025 11:32:18 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662742
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafbbc492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Quickspin/7a289cda-f738-49f5-be20-8d26d13e01c1_0.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Quickspin/7a289cda-f738-49f5-be20-8d26d13e01c1_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 38b9bcada888f9211de40e7932241d16 5e1c424848098b259e7cb738fc48486ba4c2faaf 9dc9debe200300b897945197c8f31e9912608102c2cf2d029c92dc009b13e82c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Quickspin/7a289cda-f738-49f5-be20-8d26d13e01c1_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed21b2-a3c"
last-modified: Wed, 02 Apr 2025 11:38:26 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1ec9492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/4/a6361215-0434-4d78-8f40-e4ab8042417d_horizontal.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/4/a6361215-0434-4d78-8f40-e4ab8042417d_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash e6a2ad8c4852f66079938df7fda1a948 10ec5ed3f7095a4b12fb48b37d1ad3d57763bc09 32f6042b85a3e81bb5812cc03bfed27dedd9d0ed8bd91937ee264deddc9168e5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/4/a6361215-0434-4d78-8f40-e4ab8042417d_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642a62-6b3"
last-modified: Thu, 19 Dec 2024 14:14:58 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1924048
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb54db892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/1XT4BnC_NII1YVRt?11c52ffe608101fd=lQRSM4JN3AGmudlpkx2zfIJo3Tv1pLVT3D00Pn8_pgFZDhjJVIGtex7tHRW3tzRmYMudYRpWEgS898m8EBZNVSmutlTz-UYb17srNmpp3Nqv2hY5xbiZmLdY7DFAxkYW4-Suhd6au-hQo6ATyRsbZP6UPNE&jf=3136246c716a3f3b30603266673165673761313c3e613769613563363e36303133303b66353064 | 91.235.132.77 | 200 OK | 0 B |
URL GET res.1wcommon.com/1XT4BnC_NII1YVRt?11c52ffe608101fd=lQRSM4JN3AGmudlpkx2zfIJo3Tv1pLVT3D00Pn8_pgFZDhjJVIGtex7tHRW3tzRmYMudYRpWEgS898m8EBZNVSmutlTz-UYb17srNmpp3Nqv2hY5xbiZmLdY7DFAxkYW4-Suhd6au-hQo6ATyRsbZP6UPNE&jf=3136246c716a3f3b30603266673165673761313c3e613769613563363e36303133303b66353064 IP 91.235.132.77:443
Requested by https://res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8 Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1XT4BnC_NII1YVRt?11c52ffe608101fd=lQRSM4JN3AGmudlpkx2zfIJo3Tv1pLVT3D00Pn8_pgFZDhjJVIGtex7tHRW3tzRmYMudYRpWEgS898m8EBZNVSmutlTz-UYb17srNmpp3Nqv2hY5xbiZmLdY7DFAxkYW4-Suhd6au-hQo6ATyRsbZP6UPNE&jf=3136246c716a3f3b30603266673165673761313c3e613769613563363e36303133303b66353064 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=94
Connection: Keep-Alive
Content-Type: text/javascript
|
|
| 1w-jp-ftend-pp.top/analytics/pv?pgi=GTM-KGKQDC7 | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/analytics/pv?pgi=GTM-KGKQDC7 IP 186.2.162.102:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /analytics/pv?pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 790
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=O5hr6fiXw0wzaE19; __ddg10_=1749261684; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY4NzcyNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680; click_id=a6ddd5b3-e9db-402e-8792-053a060e33bb; core-sticky=a8a9ce735354173d; _gcl_au=1.1.813207091.1749261686; _ga_548949LWLW=GS2.1.s1749261686$o1$g0$t1749261686$j60$l0$h0; _ga=GA1.1.961746610.1749261686; _ga_0GFT8ZSQGY=GS2.1.s1749261686$o1$g0$t1749261686$j60$l0$h0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=qytao1SyvwdcDN14; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
__ddg10_=1749261688; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
date: Sat, 07 Jun 2025 02:01:28 GMT
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/chunk-vendors.74f8df16c.js | 154.197.121.128 | 200 OK | 357 kB |
URL GET v1.bundlecdn.com/js/chunk-vendors.74f8df16c.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (34381) Size 357 kB (356832 bytes) Hash e9210e00dd52ae6f446ac80b8864ab3a e924d7d95ab59223148f3f7bec96d7f2adb73cc7 7466c26319081e1772c45e605cfcfe1385fabf2fe931c9e045b6dd04fa90d36e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-vendors.74f8df16c.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 27 May 2025 13:25:35 GMT
etag: W/"6835bd4f-571e0"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 908838
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f950a642533-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET v1.bundlecdn.com/img/jetx.64787fc5c.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 0046061bb77d38094cc0f71b7371d406 1fd7894d0117251f1eeec1a343b85532d7864a05 bac9b1ac206602f5369235b21d6373b9b6f7980ff55c4e851d8a40f00db4d0fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6633
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa568aa92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/14/49b6b662-b418-4732-bf23-3628686130ff_horizontal.svg | 154.197.121.128 | 200 OK | 583 B |
URL GET v1.bundlecdn.com/casino-images/1/categories/14/49b6b662-b418-4732-bf23-3628686130ff_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 35630f8aa2bb923be1f2532f24e84a1d 3911a26af45b9d7dbf1b66161599322f4a49ec7f 10d7f146108dd116060d42a3fa9779eee465db274a74900aeed5a04ff88f89b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/14/49b6b662-b418-4732-bf23-3628686130ff_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642abc-247"
last-modified: Thu, 19 Dec 2024 14:16:28 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4849264
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb55dbf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/v4QukoLmuaaDwWUk?9d58e15aa84dcd9f=0WcUZ-VD-BFn9WRKLH0vWfsYkYNFOwpNMhm4A4ot1JteN3-0SLdA4r71sZzi3tn5ZKlmS-Gziy6vYWBWILCp60ABJ54rVmC2c2Igg_ktpVzyIRap2nGGLxIHELEM5CNWI9t9vsEzD6065hd-1B478QdfqddiYQMWv8BkaR4 | 91.235.132.77 | 200 OK | 81 B |
URL GET res.1wcommon.com/v4QukoLmuaaDwWUk?9d58e15aa84dcd9f=0WcUZ-VD-BFn9WRKLH0vWfsYkYNFOwpNMhm4A4ot1JteN3-0SLdA4r71sZzi3tn5ZKlmS-Gziy6vYWBWILCp60ABJ54rVmC2c2Igg_ktpVzyIRap2nGGLxIHELEM5CNWI9t9vsEzD6065hd-1B478QdfqddiYQMWv8BkaR4 IP 91.235.132.77:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Sectigo Limited Subject res.1wcommon.com Fingerprint CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced Hash 1b6d2de2867a3e11063ba25aa1cd4209 bd20b0e089f31f35cba4d0fa7277e73aa74d944c 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /v4QukoLmuaaDwWUk?9d58e15aa84dcd9f=0WcUZ-VD-BFn9WRKLH0vWfsYkYNFOwpNMhm4A4ot1JteN3-0SLdA4r71sZzi3tn5ZKlmS-Gziy6vYWBWILCp60ABJ54rVmC2c2Igg_ktpVzyIRap2nGGLxIHELEM5CNWI9t9vsEzD6065hd-1B478QdfqddiYQMWv8BkaR4 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:25 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/png
|
|
| www.google.com/ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1>m=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f | 142.250.74.68 | 200 OK | 0 B |
URL POST www.google.com/ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1>m=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f IP 142.250.74.68:443
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject *.google.com Fingerprint 7B:D2:02:FC:58:D9:E6:6C:DB:4E:0A:85:10:91:65:A5:9A:9C:5D:12 Validity Mon, 12 May 2025 08:42:58 GMT - Mon, 04 Aug 2025 08:42:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ccm/collect?tid=AW-16482547739&en=page_view&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1990735129.1749261686&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&auid=813207091.1749261686&navt=n&npa=1>m=45be5641h1v9181323879z8894400803za200zb894400803&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749261685897&tfd=8074&apve=1&apvf=f HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
date: Sat, 07 Jun 2025 02:01:25 GMT
pragma: no-cache
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1w-jp-ftend-pp.top
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v1.bundlecdn.com/js/96594.f8d826c8e.js | 154.197.121.128 | 200 OK | 960 B |
URL GET v1.bundlecdn.com/js/96594.f8d826c8e.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (960), with no line terminators Hash 84f1164a72cbce464ae3e59e88f677ae 082010a37a128441c4b8758ebcdb9d93ad577bb4 82fd8ee61934488ddac77ef280e13b18a586013aee51080b8b2dfbfede6e642a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/96594.f8d826c8e.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-3c0"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613316
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa648f892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/cricket-betting-guru.cfe7d4265-500.png | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET v1.bundlecdn.com/img/cricket-betting-guru.cfe7d4265-500.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced Hash 953b3b7e0c94ed3c3af678f19b076c5a 993c897eadbd5f11f4fa712cda067ea633c8e68f d996933d2daf078f08f1460583730af70894c8e2317c273661c10aa3affc5acd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cricket-betting-guru.cfe7d4265-500.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/png
content-length: 8067
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9249
etag: "68430b2e-2421"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabfa8392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/82436.3e7ca6f13.js | 154.197.121.128 | 200 OK | 849 B |
URL GET v1.bundlecdn.com/js/82436.3e7ca6f13.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (849), with no line terminators; Hash: 2132e3d037287c891e9700e688d9a252 c51b6d26560154882c782ab6cdeec55c6c9a9fba a4a17497d8b180c775ad25f052886d4b1fb124c8e479a09cea848392968d637a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/82436.3e7ca6f13.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-351"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4282892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Amatic/c918400f-b2ca-4ded-9215-9a26726c60d1_0.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Amatic/c918400f-b2ca-4ded-9215-9a26726c60d1_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 0a8fdc5520b6fbbae096bc6d5e3870bc b96abf36f2fc7f020109f26f67d385baa30accf8 7393b8af1ef98e319f27a21cddaf9ad2ec6b51f87b6c8e094a41de3655015311
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Amatic/c918400f-b2ca-4ded-9215-9a26726c60d1_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2ef7-409"
last-modified: Wed, 02 Apr 2025 12:35:03 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4848918
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fadbb2692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Amusnetlive/3bef7145-0c66-4dcb-a923-e77133075046_0.svg | 154.197.121.128 | 200 OK | 871 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Amusnetlive/3bef7145-0c66-4dcb-a923-e77133075046_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: e6b4f8044bc702750aa430266d0820fa a9853b8d91593e1721653f5418314a441148cf55 21326590945f18da33096d0b96912f9cb6f84401f77bf2d0471fea77c245cebc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Amusnetlive/3bef7145-0c66-4dcb-a923-e77133075046_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2e1c-367"
last-modified: Wed, 02 Apr 2025 12:31:24 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5663742
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faeab6692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Salsa/4e511171-672a-455c-a269-a02aa5d4d115_0.svg | 154.197.121.128 | 200 OK | 5.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Salsa/4e511171-672a-455c-a269-a02aa5d4d115_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 2935f6b05168f75ba9c9dac78381178d fccfd2b65b253c669164bb4866ae5f388302ccf0 d86e8f50915a9eb891df5b28cffa106d593e8cf8979dade8aa1c27fcf02399a0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Salsa/4e511171-672a-455c-a269-a02aa5d4d115_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a39-16f4"
last-modified: Wed, 02 Apr 2025 12:14:49 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 997522
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fca592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/88627.cb22cdafb.js | 154.197.121.128 | 200 OK | 95 kB |
URL GET v1.bundlecdn.com/js/88627.cb22cdafb.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: 99e206630819f9d437fa7c6be8dee116 e6c68bef05635be67815f6a1352c4fdaf7fe2e79 3fff20a3ff0f5b3ccd613237b43e6cfff59c74821cea4625c654df49cb5b88c9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/88627.cb22cdafb.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-17334"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613317
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2afcb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Galaxsys/1deaf727-a4a1-4dcb-a8e9-02d84f5ef51f_0.svg | 154.197.121.128 | 200 OK | 850 B |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Galaxsys/1deaf727-a4a1-4dcb-a8e9-02d84f5ef51f_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 7d342e4240f3722de389826647bcb1ca 344a08ae3c35e9be6094543bc41b2e64c2f29b0b 449e7707c5b580086546e0a575cd4d55a89e7dbb634fba08d6767a20b53ebaf7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Galaxsys/1deaf727-a4a1-4dcb-a8e9-02d84f5ef51f_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a0b-352"
last-modified: Wed, 02 Apr 2025 12:14:03 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 260361
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafdbd492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Games%20Inc/a1292670-4fd9-4a0a-9e8f-e7f2761641ee_0.svg | 154.197.121.128 | 200 OK | 784 B |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Games%20Inc/a1292670-4fd9-4a0a-9e8f-e7f2761641ee_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 6f1056333fe8581085bdf3325dd1cdc3 c31c34b55e6ead0023981d220fed5bf6e52c60f0 396c5b2c4311d20ea91e9e6d4609e24b6559840a39e8317fd6c6e67265b8d66c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Games%20Inc/a1292670-4fd9-4a0a-9e8f-e7f2761641ee_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed26ac-310"
last-modified: Wed, 02 Apr 2025 11:59:40 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafebda92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/wta.c6d5e2ef3.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL GET v1.bundlecdn.com/img/wta.c6d5e2ef3.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: a76c6f313f101f45ed8fa72e41d3ac60 afa7e4fea49cbf0399d3e8d488d79761859fabeb e5d0fce36be31aaecfb4ffe607a0d90e0613caf47684504a41e06bc164ef8897
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/wta.c6d5e2ef3.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-d04"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabaa6092f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_4ThePlayer/cf07d291-9a13-4824-9910-4f270983264f_0.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_4ThePlayer/cf07d291-9a13-4824-9910-4f270983264f_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: b3ab9151c36d6228cadff765dc68dc5e 76dab51567ef375fa648f6f9b3fc1e7354f76ab8 d5a7f97108d2bcd28d4005a305a3188fc41c700d367c0789d36d1b0ed954e259
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_4ThePlayer/cf07d291-9a13-4824-9910-4f270983264f_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2b0b-df7"
last-modified: Wed, 02 Apr 2025 12:18:19 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664846
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad5aff92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_7Mojos%20Live/db471c47-f48f-4e1a-912a-a294bf289ded_0.svg | 154.197.121.128 | 200 OK | 6.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_7Mojos%20Live/db471c47-f48f-4e1a-912a-a294bf289ded_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 8f5e3a79a9fda37e486302a17c162158 de3b58c5c0a965449ea3835aedc137ea1f4eb329 5fa22c0f430eb3a280d170a7201dbc2724add084738e798dbc20c31ee38a7848
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_7Mojos%20Live/db471c47-f48f-4e1a-912a-a294bf289ded_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed3522-1ae9"
last-modified: Wed, 02 Apr 2025 13:01:22 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5660871
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad7b1192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_GameArt/1fd2225d-dc5a-46f6-80d8-9aeb741ff583_0.svg | 154.197.121.128 | 200 OK | 2.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_GameArt/1fd2225d-dc5a-46f6-80d8-9aeb741ff583_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 19ce24519257fe8466a5f1954006067d 4f53f8c7a515553dfc39202eb1440b9610ab483a 0f539cc2423acd7288a607d89448eea4221a5130163e0653153a9385dbd87d9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_GameArt/1fd2225d-dc5a-46f6-80d8-9aeb741ff583_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed269f-b72"
last-modified: Wed, 02 Apr 2025 11:59:27 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664974
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafdbd592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_BetradarVS/c9d81bee-2abe-4dfc-ace0-06d111850bb3_0.svg | 154.197.121.128 | 200 OK | 917 B |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_BetradarVS/c9d81bee-2abe-4dfc-ace0-06d111850bb3_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: db6e8c2ae7a14d46ad4587b8f2ad5122 a7d766c2886714422be294c38160d2bfeb399eef 67bf4b0465271dc6c40eabbfab3d0161cca83424a75d5c1122ae806463072a75
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_BetradarVS/c9d81bee-2abe-4dfc-ace0-06d111850bb3_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed20cd-395"
last-modified: Wed, 02 Apr 2025 11:34:37 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 1919067
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf1b8792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_ImagineLive/d03d8875-66eb-4bb8-9ff8-5b0a60e14731_0.svg | 154.197.121.128 | 200 OK | 4.1 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_ImagineLive/d03d8875-66eb-4bb8-9ff8-5b0a60e14731_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 590eef4475c53a0b668d2012f1332eb7 51d235307b1a0cf76d8f21ef134772e874463853 39b5771060f28ddeaca8b5395a1828e3477cf8af5a28d586edf23dc27bd0611e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_ImagineLive/d03d8875-66eb-4bb8-9ff8-5b0a60e14731_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed29c7-1022"
last-modified: Wed, 02 Apr 2025 12:12:55 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665077
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0dc1b92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_popiplaymoneyfest_moneyfest.png@avif | 154.197.121.128 | 200 OK | 3.8 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_popiplaymoneyfest_moneyfest.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: fae8bb06dbd4e4aaa14388d4e4d635dc 693c4572a5015df245e0799c3bfaed2e27de915f 6d4f37f7aa16a4aa31229e31df65a55b60d3e43ca18393b2fb3ddf9a0cf9ab45
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_popiplaymoneyfest_moneyfest.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 3792
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_popiplaymoneyfest_moneyfest.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkODJlLTdjOWMi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: Jxp_Ak8l2k0MqZ3kWTjmw
cf-cache-status: HIT
age: 233410
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee9092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/f13b8617-cf3e-48bb-8b97-8119ffa3568e_horizontal.png@avif | 154.197.121.128 | 200 OK | 6.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/f13b8617-cf3e-48bb-8b97-8119ffa3568e_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 68e4ef7091cea38d5a36de9c44423f0a 9e8b39c210e70575853bec3a31e1e47d1fb2a715 087c3b6fce629fb573050c63d5f753f0f149c020109a22294cd82a7522421d27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/f13b8617-cf3e-48bb-8b97-8119ffa3568e_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 6190
cache-control: public, max-age=31536000
content-disposition: inline; filename="f13b8617-cf3e-48bb-8b97-8119ffa3568e_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NTg5ZTcyLTI2MDQwIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: LWwWlmmxU_W4QYAQJ1Qud
cf-cache-status: HIT
age: 2958404
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb84eb992f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/40482.34212db5f.js | 154.197.121.128 | 200 OK | 82 kB |
URL GET v1.bundlecdn.com/js/40482.34212db5f.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: 686fc05e1b90ff05a74e9e0b2741e65a db8b2c43acbb6dab016cf74f38bd3df2c1f8eccc f0722396786faff1120804a891ea67bd2c6a019fe33716c46e1358958d2cbfe8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/40482.34212db5f.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-1401e"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41734
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9a1de192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/best-bitcoin-casino.9c1716b1a-50.png | 154.197.121.128 | 200 OK | 972 B |
URL GET v1.bundlecdn.com/img/best-bitcoin-casino.9c1716b1a-50.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 50 x 50, 8-bit colormap, non-interlaced; Hash: d75b75efec83a2230764a8fed9d1dd3e ee4318789396290da2017d433fe622b9a005aff2 24397ec04f26d6b7c9465094a088ab89e4a4216accd5cb45e8563f694dd3fcd5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/best-bitcoin-casino.9c1716b1a-50.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/png
content-length: 972
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1035
etag: "68430b2e-40b"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabfa8192f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Belatra/09e8fae7-fbe8-4945-997b-6e3fb2d64c63_0.svg | 154.197.121.128 | 200 OK | 4.2 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Belatra/09e8fae7-fbe8-4945-997b-6e3fb2d64c63_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 9679b0ab7187f8b4d60ca8626222263e 0156b17a1c1a4ca4e04ab4d5c695dfb2e715088c a290986ce68db7a353e86aee2efbdb6ca5cba8c5825d342f8f36411d3a42e5ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Belatra/09e8fae7-fbe8-4945-997b-6e3fb2d64c63_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e09-1054"
last-modified: Wed, 02 Apr 2025 12:31:05 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faefb7f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_BGaming/66764bba-6769-4572-af96-177ca45541a2_0.svg | 154.197.121.128 | 200 OK | 4.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_BGaming/66764bba-6769-4572-af96-177ca45541a2_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash69773379306131229f9455a3caf0bcee cfaa5d9c47e706a00119703a4e5c56ac0cd19bc1 ffd129ea802d11d8d012b14136a1e4092278a2e4352589e4344ce30f09a7ad79
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_BGaming/66764bba-6769-4572-af96-177ca45541a2_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2ec2-1146"
last-modified: Wed, 02 Apr 2025 12:34:10 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5663743
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf5b9c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Hacksaw/60113e52-5af4-450b-9448-dc1b47ebffb1_0.png | 154.197.121.128 | 200 OK | 180 B |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Hacksaw/60113e52-5af4-450b-9448-dc1b47ebffb1_0.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typePNG image data, 14 x 19, 8-bit gray+alpha, non-interlaced Hashde1e322c7af8b7c6cdfe96a9cafe4fe5 3cd424bc39a0210d7117ca42771ea693c4a910d3 981f037027e274858ba3b4151982e4d57bf0fb600d024a7c83a65b6b99a9ac5c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Hacksaw/60113e52-5af4-450b-9448-dc1b47ebffb1_0.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 180
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2003
etag: "67ed37b3-7d3"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Wed, 02 Apr 2025 13:12:19 GMT
x-cache-status: MISS
cf-cache-status: HIT
age: 5660832
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0bc1192f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Funky%20Games/b6d87d5f-3ab4-4564-ac4f-887f4bd35665_0.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Funky%20Games/b6d87d5f-3ab4-4564-ac4f-887f4bd35665_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash8b608653b43b2dcb96942b86b2ccc4ab f227434657519591670627b3a08e3413bc9a067c ee99e10eb8d77beee9eb3c6822712f82c0f7a02b89689f076ca018c20fb771ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Funky%20Games/b6d87d5f-3ab4-4564-ac4f-887f4bd35665_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed24a8-299e"
last-modified: Wed, 02 Apr 2025 11:51:04 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafcbcf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Swintt/e627432c-bbc1-45e4-ab6f-03d91fdb5461_0.svg | 154.197.121.128 | 200 OK | 509 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Swintt/e627432c-bbc1-45e4-ab6f-03d91fdb5461_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashcc5a0b97cab8d24036c37edff2be0e77 bcfef5fc9fbb2beb46a25be9f4bccde03dcb2623 b30060de197654afc9c5ac5929faa5339c3d7a7e8a08d840ce75d6a76283729c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Swintt/e627432c-bbc1-45e4-ab6f-03d91fdb5461_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2ee7-1fd"
last-modified: Wed, 02 Apr 2025 12:34:47 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662743
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cb692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210253/693deb1e-d0a4-458f-8aa8-c38c7fe342bf.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210253/693deb1e-d0a4-458f-8aa8-c38c7fe342bf.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210253/693deb1e-d0a4-458f-8aa8-c38c7fe342bf.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"6840109e-d8c"
last-modified: Wed, 04 Jun 2025 09:23:42 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 146974
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb58dcf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/44179.1afd90437.js | 154.197.121.128 | 200 OK | 738 B |
URL GET v1.bundlecdn.com/js/44179.1afd90437.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, ASCII text, with very long lines (738), with no line terminators Hash0c1c2c41d534a329f2add00c6489935d 9ed3e8d60a75a00bb3a6bc6b5763def850394572 4fd6b89391f7ef8731040dfb6a20ba770469e7a1782f7ea495efe670a737ff0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/44179.1afd90437.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-2e2"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 290608
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6890c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 | 154.197.121.128 | 200 OK | 17 kB |
URL GET v1.bundlecdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2 IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 16852, version 1.0 Hashc4f31a30bdf4dbced79fb75fc03111cf 14765799051deb933539e19f1ffa26198cabd4c1 cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://v1.bundlecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-41d4"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7194d92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_AmigoGaming/29c05b24-2377-4d97-8cff-0c3c833d1133_0.svg | 154.197.121.128 | 200 OK | 6.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_AmigoGaming/29c05b24-2377-4d97-8cff-0c3c833d1133_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashd248fd11c99e7a44cb3620b6d2fb85d9 07e992280bdafca6a528b07a3ae1d2932653b495 dfe20fdeb9e38bbe23bc242794792e5b822a041eaac3b0c17580fda528b67358
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_AmigoGaming/29c05b24-2377-4d97-8cff-0c3c833d1133_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed243f-1b22"
last-modified: Wed, 02 Apr 2025 11:49:19 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666702
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fadbb2792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Booming/706c5d91-6022-406a-bb3a-5c4f779668c2_0.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Booming/706c5d91-6022-406a-bb3a-5c4f779668c2_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashec67055ef7c044144dbbce43d9c6079c 4df115342e00d1783292149039a15e24bd70d04a 529734abfcf7c1ccb31580e7d966f36b3d1ae8f450033c633f0366ba8b1df309
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Booming/706c5d91-6022-406a-bb3a-5c4f779668c2_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2d20-e66"
last-modified: Wed, 02 Apr 2025 12:27:12 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1283835
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf5ba192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_tvbet_TVBet/a1c9bac9-ee81-4616-a064-1ee0dfc8fc07_0.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_tvbet_TVBet/a1c9bac9-ee81-4616-a064-1ee0dfc8fc07_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash239a3772856767ad0d986d93cb80917e a2d7f92ea7330beaed88eeac7f591f0060545821 3d7d5740d17e39f74b8f9be59bd55ccf465e09c45c332396f9ba755dbd665478
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_tvbet_TVBet/a1c9bac9-ee81-4616-a064-1ee0dfc8fc07_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed23e3-6d8"
last-modified: Wed, 02 Apr 2025 11:47:47 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2648053
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb28ce592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg | 154.197.121.128 | 200 OK | 12 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash8761b08a9144bf9335f76c65ae4373a8 b329554c9489b51202d4cec560a14195f4f68c34 1005ecb62ca58014b911479a3ef25ec30130a7fd5ba83083280ef0ff5e57bd90
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/16/d77992bd-096a-4fa0-abee-fa748250292e_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642bf6-2cee"
last-modified: Thu, 19 Dec 2024 14:21:42 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1525285
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb55dbe92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabbattlerage_battlerage.png@avif | 154.197.121.128 | 200 OK | 4.8 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabbattlerage_battlerage.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash55498069193166a0710bd7198f147510 74af43dbac83ee0b794508b4731c32a49c810e87 59daf9734568f3ae54591dac7b6926454c4de589dc2c70383552cacde73e546a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_truelabbattlerage_battlerage.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4756
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_truelabbattlerage_battlerage.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVlM2ZiLTkxNTIi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: ZjMWY5yfaAoH23R2vBShG
cf-cache-status: HIT
age: 688074
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8792f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/52674.5e8e65e45.js | 154.197.121.128 | 200 OK | 9.1 kB |
URL GET v1.bundlecdn.com/js/52674.5e8e65e45.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (9087), with no line terminators Hashfb38485b08bb06f1ff52cdbf9b2572fa 0c7e97fc64fa70c2c1a51ee0704f484f70a92f25 71cc495766738ec20cf6c6235ece4f3a4a9542dca3df9745bd69a09de2c71992
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/52674.5e8e65e45.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 23 May 2025 08:22:30 GMT
etag: W/"68303046-23bc"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1272584
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2afcc92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET v1.bundlecdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash5cfb99cfd07a3bda5fd7b6e5952057b8 be3ca09bc17e041ffcb8a9efe044b04278d0db88 a235180b89d4811bdb6fc712e8f91c822f8d90d21aad0bcf254014e67deb768a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fac4aba92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Caleta/39f72a8e-cc87-4c4a-ac44-4690fe1263db_0.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Caleta/39f72a8e-cc87-4c4a-ac44-4690fe1263db_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash74a17f1c76a06fb42c4fd3a2531575da 00347683a797c7575a8fc6581073690a40da9714 403906af687b368ca2b6cb9d6eace0f44d6799fd9aec1838bab0c5b7c7953665
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Caleta/39f72a8e-cc87-4c4a-ac44-4690fe1263db_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2461-56b"
last-modified: Wed, 02 Apr 2025 11:49:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf6ba692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_clawbusterzeus_claws_zeus_claws.png@avif | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_clawbusterzeus_claws_zeus_claws.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash5453bcb3692f7f179c13fefa7bb32e7d b614a8d7bd360f0fe81df7402cb78902480fb2ae 42626baaa3f8fb6b0181e0a59a9f6b0ce78812fc6cdc4af845c2dec994a678ec
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_clawbusterzeus_claws_zeus_claws.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5470
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_clawbusterzeus_claws_zeus_claws.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVjYzFlLTc4NGUi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: l4wXBBTNNqKs4oXshuzRa
cf-cache-status: HIT
age: 291619
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8b92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/73236.82ec8e8a4.js | 154.197.121.128 | 200 OK | 38 kB |
URL GET v1.bundlecdn.com/js/73236.82ec8e8a4.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (38067), with no line terminators Hash515fcb00745cd505f4e767a84b9f4f52 1144eee84294d9c40f09793b2fb832b400e95108 3d34a083cc2b5c6d417acd4739d1bc511e9fdf5482994d4290e5b5edd415f545
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/73236.82ec8e8a4.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-94b9"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 40968
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2dfdb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/3ktrpwe7ch9hccre.js?nrwuv6rd1gyu9va8=3fb27s7b&zu6phl85wf5wz75q=fa65c867-c5c2-4fcc-9954-5fe49c341eb3 | 91.235.132.77 | 200 OK | 99 kB |
URL GET res.1wcommon.com/3ktrpwe7ch9hccre.js?nrwuv6rd1gyu9va8=3fb27s7b&zu6phl85wf5wz75q=fa65c867-c5c2-4fcc-9954-5fe49c341eb3 IP 91.235.132.77:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerSectigo Limited Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (15506) Hash1daa46090155e619607de8f706524c9c a00fe0247ad034eea5c5f3d3008cb126f662108a 894a80f9baae00ccc80c3ed91992736403a12e5cb752c42074fcbdd3a6c327e0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /3ktrpwe7ch9hccre.js?nrwuv6rd1gyu9va8=3fb27s7b&zu6phl85wf5wz75q=fa65c867-c5c2-4fcc-9954-5fe49c341eb3 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 91d3820e94ac05e0
X-Robots-Tag: noindex, nofollow
P3P: CP=IVAa PSAa
Set-Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
|
|
| v1.bundlecdn.com/casino-images/prov_v_NardsClub/1ac01736-6abf-4aea-bc49-cc545ebbff0f.svg | 154.197.121.128 | 200 OK | 8.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_v_NardsClub/1ac01736-6abf-4aea-bc49-cc545ebbff0f.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash325591b22e85ad088490b4cda7089a86 b1b27627320a1dac4c944b73e0c54c73fe8d4f32 a55f9d2a51876b462bb22f23271f819ccdfa3a78d5fe193e72102d23ca114e5c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_v_NardsClub/1ac01736-6abf-4aea-bc49-cc545ebbff0f.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"68124900-2046"
last-modified: Wed, 30 Apr 2025 16:00:00 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 260362
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb13c3c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| www.googletagmanager.com/gtag/js?id=G-0GFT8ZSQGY&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 | 142.250.178.104 | 200 OK | 391 kB |
URL GET www.googletagmanager.com/gtag/js?id=G-0GFT8ZSQGY&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 IP 142.250.178.104:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (6079) Size391 kB (390917 bytes) Hashc79d2898e45eaac3e1e2bceecd71327c 4e7598959d8c8a41a11cc2fa4886183e3a93ac75 3850c7dbc8b473fcd21f3b8663f15e78966e6e88c5ba72f0ef5f5ac723e86e23
GET /gtag/js?id=G-0GFT8ZSQGY&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 02:01:24 GMT
expires: Sat, 07 Jun 2025 02:01:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 130039
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitbloodandshadow2dx1_bloodandshadow2dx1.png@avif | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitbloodandshadow2dx1_bloodandshadow2dx1.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hashf3714885e1f5ecea48ff5a44d75b8da7 e47b6cdab101c1dda513fa2930abd35b9f818499 abd8d419313d9e9a633eda2af10dd227a85c60a35e0c15c36e346e9daf206dad
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitbloodandshadow2dx1_bloodandshadow2dx1.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5763
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_nolimitbloodandshadow2dx1_bloodandshadow2dx1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkNDQ4LTY4ZTYi"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 9kQUZD2Z9h5QVRC1KXDTe
cf-cache-status: HIT
age: 688074
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8892f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/nhl.9b1a4945d.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET v1.bundlecdn.com/img/nhl.9b1a4945d.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash1ce9b889a9d0264e8f5f10f33057439e a294b6aab0be9f92131548485ee161b4e4e145f5 1323d35ce4ece6b0dcebf18bd0052fad5b936f468a29764e9b35d1971f3ed81a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/nhl.9b1a4945d.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-1584"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabba6892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Kalamba/f2f2daad-7909-4a28-93e5-f400903d2919_0.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Kalamba/f2f2daad-7909-4a28-93e5-f400903d2919_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash36fde4daa9aed3edddd4271f0ff2b971 2a631c2476f3a9860e92c612357e371ba865dba1 4cf9b1b791d33206cdf508ada0031f632adbbfdde43d3eef427ed0e63b7a8bd3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Kalamba/f2f2daad-7909-4a28-93e5-f400903d2919_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e87-ce6"
last-modified: Wed, 02 Apr 2025 12:33:11 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0ec2092f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_MPlay/cf9bd4fd-24e4-4f70-9a5a-7fb159fa309d_0.svg | 154.197.121.128 | 200 OK | 2.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_MPlay/cf9bd4fd-24e4-4f70-9a5a-7fb159fa309d_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash98c9c7c395ed2fd1ac1af7e468449847 291777f8417a2bfb944a15d8097340901a872853 06a9c3fde4b05353b1f4389d20322b5c9c156713138c586cc65a45fe92d64efe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_MPlay/cf9bd4fd-24e4-4f70-9a5a-7fb159fa309d_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f6f-801"
last-modified: Wed, 02 Apr 2025 12:37:03 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1923895
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb13c3b92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Slotmill/8fe35018-4892-45a6-9d4a-69156bc88946_0.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Slotmill/8fe35018-4892-45a6-9d4a-69156bc88946_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash502efde8c82af6ab45c8002fdfe9a14c 341aafae12e05a51fcd1d1cb22be5c8206b24bed c466624fb175e1a2e460de90279080293d98dfa86a37056c71713e1cd41ada56
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Slotmill/8fe35018-4892-45a6-9d4a-69156bc88946_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2fd2-3c27"
last-modified: Wed, 02 Apr 2025 12:38:42 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fcaa92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210116/65b664db-374a-4b73-8722-ed27c85ea36b_horizontal.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210116/65b664db-374a-4b73-8722-ed27c85ea36b_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash776602883cee903c9c38bcc52c7d4f6a 9ae9c58ed9a1c9814fa9876aadfe0976939c3482 a08d6982162e561797358c0c6b253e75b0252016faa5d6dc17d97215392a960d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210116/65b664db-374a-4b73-8722-ed27c85ea36b_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67ee8947-8b1"
last-modified: Thu, 03 Apr 2025 13:12:39 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 7
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dc692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx | 91.235.132.77 | 200 OK | 19 kB |
URL GET res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx IP 91.235.132.77:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerSectigo Limited Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (311), with CRLF, LF line terminators Hashccb1a78b88a874803c1dfd3e1e05e485 2d3a1ecaf6332a98df32d1f313804efdc64d68f0 928d874b87ef13e1213a9ca5e6c37c6fa855527142827bc991c6cacbb006d4d5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
|
|
| res.1wcommon.com/mX5SjEYye0XQrb_C?f2691fcb2a38cb1c=0HNxzkuJGXowgjNdModpl9Mx58M2uG3-nEnTClwiCnmB3fgBnWIFRSyCiPayJmAaV_EsbNOKQEfy3YebWWM13ebx7PYsHBep536YAkwX2RRIhCaxy-wvOwhPQl7EOKTB64V5NH_cu1KUWgCA5tKvMQ | 91.235.132.77 | 200 OK | 134 B |
URL GET res.1wcommon.com/mX5SjEYye0XQrb_C?f2691fcb2a38cb1c=0HNxzkuJGXowgjNdModpl9Mx58M2uG3-nEnTClwiCnmB3fgBnWIFRSyCiPayJmAaV_EsbNOKQEfy3YebWWM13ebx7PYsHBep536YAkwX2RRIhCaxy-wvOwhPQl7EOKTB64V5NH_cu1KUWgCA5tKvMQ IP 91.235.132.77:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerSectigo Limited Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File typeASCII text, with no line terminators Hashc317454f5070350c3594935649dcb5a1 4a34373c669379d13e70adf7bea27ee8e817be50 63b860553ffa492450c64a7da88e739d82c7afeec9cacafbb6cc8f0861a5f2b0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /mX5SjEYye0XQrb_C?f2691fcb2a38cb1c=0HNxzkuJGXowgjNdModpl9Mx58M2uG3-nEnTClwiCnmB3fgBnWIFRSyCiPayJmAaV_EsbNOKQEfy3YebWWM13ebx7PYsHBep536YAkwX2RRIhCaxy-wvOwhPQl7EOKTB64V5NH_cu1KUWgCA5tKvMQ HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
|
|
| 1w-jp-ftend-pp.top/firebase/8.1.1/firebase-messaging.js | 186.2.162.102 | 200 OK | 41 kB |
URL GET 1w-jp-ftend-pp.top/firebase/8.1.1/firebase-messaging.js IP 186.2.162.102:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerLet's Encrypt Subject1w-jp-ftend-pp.top FingerprintD8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D ValiditySun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File typeJavaScript source, ASCII text, with very long lines (40719) Hash450e8b32262706d42cfdd438c49208f5 31c7e4aac1d1303c1e83a0b591abc3501e278668 58a372bb9d424111a2e73c427edb10db91c0f05e8f323f046d20f5cf8fd6f30f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-messaging.js HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=kBZ2I3IHwaL8GovF; __ddg10_=1749261681; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY4MTAzMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=Lxj0OFsL0Gae2Ypd; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg10_=1749261681; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:21 GMT
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-9f25"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_KA%20Gaming/eb6609a6-c73f-4b21-8c4c-7204503064b2_0.svg | 154.197.121.128 | 200 OK | 8.0 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_KA%20Gaming/eb6609a6-c73f-4b21-8c4c-7204503064b2_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 317185e40fe58673e0a8775e227bd967 49cc13c36ff5a570a123ecb1840a1ed1a3519075 bf0b75d85f11583b36b89c44ab82fae4b347e9a01bb0b78fefa0cd6fdab855b9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_KA%20Gaming/eb6609a6-c73f-4b21-8c4c-7204503064b2_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f65-1f20"
last-modified: Wed, 02 Apr 2025 12:36:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 3103825
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0ec1e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/fugaso.90ac21190.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET v1.bundlecdn.com/img/fugaso.90ac21190.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 58aae1bf6da7bae7036df89536e3a0de 8e3f8c8a99840a3c1798da3c88ccf7fe5320eb7d 80c962082234d49e28c7837e891fd1d54c8a8a54f50447445131a87535490427
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fugaso.90ac21190.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-8f9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:23 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafcbce92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Playbro/15e852ce-3267-432d-9e9e-4e685b85e968_0.svg | 154.197.121.128 | 200 OK | 6.1 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Playbro/15e852ce-3267-432d-9e9e-4e685b85e968_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 583f0d0983eed5241a0749db761e2a6c 3105cc4d03029322a60a17fff7268542294942ca 07371810cccd3f8ee581d232e32bd6d6c7fa635439372662df12363021a05c2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Playbro/15e852ce-3267-432d-9e9e-4e685b85e968_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a2d-17a5"
last-modified: Wed, 02 Apr 2025 12:14:37 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662744
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1ac7d92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitkarendx1_karendx1.png@avif | 154.197.121.128 | 200 OK | 8.1 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitkarendx1_karendx1.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: a855251e30ee014444a10d2e09c55642 be3611b166f4fb8877891902325bf8bafa6b7ebb b3bd6f940d1c0a2535b95075eada6992f1db187607e3b54f20517ba5ff42e087
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_nolimitkarendx1_karendx1.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 8085
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_nolimitkarendx1_karendx1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkNDczLThjNTki"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: ITCULftLmHOGUk9KaK5cW
cf-cache-status: HIT
age: 688074
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 5ed68df56ac80aae9ddf7935bda3910f ecbea1a8365b6f4c4f99d4febaee2ad99c1eb365 de4f4af6746e22095436ad04e3f887bc91d6a2a1a40f536f8b680a65dab994ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5243
cache-control: public, max-age=31536000
content-disposition: inline; filename="71e7a6e8-e0fb-4775-8133-023bf3bc624c_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NTcyNWQzLTIzYWI0Ig"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: flFdFtet99NbDCUl-i607
cf-cache-status: HIT
age: 1908538
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7fe9692f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| routerpp.life/api/v1/product-visits | 154.197.121.200 | 201 Created | 314 B |
URL POST routerpp.life/api/v1/product-visits IP 154.197.121.200:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: routerpp.life; Fingerprint: 54:BC:16:29:E4:18:62:66:8B:32:32:06:55:91:CE:FE:5A:89:41:0B; Validity: Tue, 29 Apr 2025 13:45:18 GMT - Mon, 28 Jul 2025 14:45:16 GMT
Hash: 4801d671b53b2a0b7be88c47e878c298 824621461462a9af6e827d3b9d88cbf3e0be6f25 2048a6560c9e9873d8b8d09badab8b3d359567177d42b6980b6965a6cfc97592
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/v1/product-visits HTTP/1.1
Host: routerpp.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: application/json
X-Unique-Key: 554e85fb36c8bae39f4be57f5afc87e0
Content-Length: 108
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 201 Created
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1w-jp-ftend-pp.top
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=eaDcalMzVH26.Zcr9TuwgsXcrRtVg5bxvEKSg3FdT.w-1749261681-1.0.1.1-VY0lCXriTDEILnMv24DL2e7etjkl1ZT98GDBBFHLdNvkWnchCNpuSjzJ2Ph44jxUinxWA072W0HZQob8LjmMiIwNjo7PNq6HVe668k8Ln9E; path=/; expires=Sat, 07-Jun-25 02:31:21 GMT; domain=.routerpp.life; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 94bc8fa35ac3b24b-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/37896.553ada297.js | 154.197.121.128 | 200 OK | 697 B |
URL GET v1.bundlecdn.com/js/37896.553ada297.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (697), with no line terminators; Hash: 2aa820197f2c16b7da4756ac65baa85a a1967de4c5e31ac8db1cc59165b9c0e5a55fca4f 0bc62506b293dd2a11a8d5078d8d0cca5998244897e3494675bfc74d8ba27695
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/37896.553ada297.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-2b9"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6790892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_Apollo%20Play/af7b5eb0-6605-4f3d-a143-e1780eb60a68_0.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_Apollo%20Play/af7b5eb0-6605-4f3d-a143-e1780eb60a68_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 78668fb1947b8269e79290e22d58c348 da6865a6d9fba1edf3bbad7fbdef90ed948a0fc2 9e1ea1fb090885e11d3209d6157c7f42304c17920c03f0070a68912fb6ccaed8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_Apollo%20Play/af7b5eb0-6605-4f3d-a143-e1780eb60a68_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed244c-1585"
last-modified: Wed, 02 Apr 2025 11:49:32 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664973
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faeab6892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_LiW/785a2c55-3fe6-4f28-a961-28f5d3d5c9e6_0.svg | 154.197.121.128 | 200 OK | 4.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_LiW/785a2c55-3fe6-4f28-a961-28f5d3d5c9e6_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: edae51d9b54b1d80d1afdb37e9436953 db598c7951b8100f37275f8176a1bb105f1684fc 656f5c67129c1d9226255db47c0f12219cf279cf93fde58eb7ded5d48c48274e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_LiW/785a2c55-3fe6-4f28-a961-28f5d3d5c9e6_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed26da-130e"
last-modified: Wed, 02 Apr 2025 12:00:26 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb10c2d92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Poggiplay/2a31658d-8bae-40d1-bfe1-fe4057e373a1_0.svg | 154.197.121.128 | 200 OK | 13 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Poggiplay/2a31658d-8bae-40d1-bfe1-fe4057e373a1_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: a5f6a042f8fed2a4edf8d6007cf7e3b6 ab05e32e60f6599172589951f79d12a72f4538ab ae2dbebb440d189727e81c686c2fa1f72ace2ab3ecdea04ad4d67793222038b7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Poggiplay/2a31658d-8bae-40d1-bfe1-fe4057e373a1_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed410c-3333"
last-modified: Wed, 02 Apr 2025 13:52:12 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5658655
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1cc8792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Spadegaming/7b6e6a7a-6999-44f9-8071-2792f3423fc9_0.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Spadegaming/7b6e6a7a-6999-44f9-8071-2792f3423fc9_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 8ad6ed9a969546a8c2c95f253b68e7cc 0d6daed07e3241e43032d1540aae1cf667ee0889 0d76582579750a478dbeb6a2c1d41cc72d17a14e1132d91b059fb106c9f6fed2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Spadegaming/7b6e6a7a-6999-44f9-8071-2792f3423fc9_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed207b-e82"
last-modified: Wed, 02 Apr 2025 11:33:15 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cae92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 | 186.2.162.102 | 204 No Content | 0 B |
URL POST 1w-jp-ftend-pp.top/analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Let's Encrypt; Subject: 1w-jp-ftend-pp.top; Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D; Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /analytics/events?event_name=slider_banner_view&pgi=GTM-KGKQDC7 HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 810
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=qytao1SyvwdcDN14; __ddg10_=1749261688; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJjYjAwMWU5ZS1kODg3LTRmNzEtOWIyMy1kYjc2MTNjYTM5Y2ElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzQ5MjYxNjgwMDIzJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc0OTI2MTY4NzcyNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==; 1w_locale=1; _ftv=1749261680; click_id=a6ddd5b3-e9db-402e-8792-053a060e33bb; core-sticky=a8a9ce735354173d; _gcl_au=1.1.813207091.1749261686; _ga_548949LWLW=GS2.1.s1749261686$o1$g0$t1749261686$j60$l0$h0; _ga=GA1.1.961746610.1749261686; _ga_0GFT8ZSQGY=GS2.1.s1749261686$o1$g0$t1749261686$j60$l0$h0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/2 204 No Content
server: ddos-guard
set-cookie: __ddg8_=ji79n4944wiM6W0E; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
__ddg10_=1749261688; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:28 GMT
date: Sat, 07 Jun 2025 02:01:28 GMT
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/css/85631.367382c8e.css | 154.197.121.128 | 200 OK | 44 kB |
URL GET v1.bundlecdn.com/css/85631.367382c8e.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: ASCII text, with very long lines (43980); Hash: 660053ead691437cd7600ab365f7fbb5 db182d39aa43ab93c61d60b378d8af09d382fde5 06fe4859c09b337eedf3f597d83a7daa66594cf0025064652154af95a73ef0e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/85631.367382c8e.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: text/css
last-modified: Thu, 05 Jun 2025 12:28:01 GMT
etag: W/"68418d51-abcd"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 134368
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9a2de492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/present-with-light.bd57fb068-151.png | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET v1.bundlecdn.com/img/present-with-light.bd57fb068-151.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 151 x 161, 8-bit colormap, non-interlaced; Hash: a804ad67f4add53f8c251c2ebc80469d 4108aeab2f7a7c3720885edeb445e6131a383a49 06cee660e5b0dfa3ec59c1a1e03e4ab3da6cb22d1e49c9c51f9cf84ed925e304
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 5600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6732
etag: "68430b2e-1a4c"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4683892f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8 | 91.235.132.77 | 200 OK | 101 kB |
URL GET res.1wcommon.com/yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8 IP 91.235.132.77:443
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Sectigo Limited; Subject: res.1wcommon.com; Fingerprint: CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28; Validity: Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (15506); Size: 101 kB (101345 bytes); Hash: 4d37c8c57bc69136d6061085310d3786 a135522035d38edb11400faf71226c5fe2c85ca7 2e13d97a349d29f3028d1ed73c26930d8d4060c2d7012cc4f69cd402fc39d4b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /yr7BspoRnWAkeL10?f47807dca10ea169=W_EuJ4VeNuwVyo1yPn5bTioolSCXkg4YGmgphRlNfSilmYt1nIAyemcFXeGhzpqF6gJjszzlb2q6d_5cYALX5TPhHhmlSky8fAnQxf5pv9jktj3XKnpAYkN5kjNBdLdGbDNKLPQor5_uEGHvEm15OeU46QzzXeqc4lso5EOqJ06T4jBTAOIMgi06jlOTnQNcEG7NcMATtTZLT2yQpg8 HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex, nofollow
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
|
|
| res.1wcommon.com/Tf2zW2KAAC3arEbZ?b1dc1f9546a0f43f=ne2weKGmm5Y30ljJazHwrmRyasAnYlLAzyliEXGeK5b06FyyKVG502105geJIB50e2GbzuGLQVrx0ScRSSyd6AajCPoOqHRampuSrpB_f_vzud9UeGfdwFyy2N2WPIqmf41ChHi47Q_-UijCfx9endyc5PlCfJ8UOrwDAHIIF9ILAykIySR5x8nguQNLfKaHcUC-MYMeUz8FKlceMzG- | 91.235.132.77 | 200 OK | 99 kB |
URL GET res.1wcommon.com/Tf2zW2KAAC3arEbZ?b1dc1f9546a0f43f=ne2weKGmm5Y30ljJazHwrmRyasAnYlLAzyliEXGeK5b06FyyKVG502105geJIB50e2GbzuGLQVrx0ScRSSyd6AajCPoOqHRampuSrpB_f_vzud9UeGfdwFyy2N2WPIqmf41ChHi47Q_-UijCfx9endyc5PlCfJ8UOrwDAHIIF9ILAykIySR5x8nguQNLfKaHcUC-MYMeUz8FKlceMzG- IP 91.235.132.77:443
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Sectigo Limited; Subject: res.1wcommon.com; Fingerprint: CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28; Validity: Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (15506); Hash: d75d625a42642244dee6fa6daede2812 f86cb22d8a346d0fd8a7f2f5ef5eeb649e7b02a7 d98a2deebd1246d3b00f8fba82e4a5774c14a6dd6e8a4682fb63847988aebaba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /Tf2zW2KAAC3arEbZ?b1dc1f9546a0f43f=ne2weKGmm5Y30ljJazHwrmRyasAnYlLAzyliEXGeK5b06FyyKVG502105geJIB50e2GbzuGLQVrx0ScRSSyd6AajCPoOqHRampuSrpB_f_vzud9UeGfdwFyy2N2WPIqmf41ChHi47Q_-UijCfx9endyc5PlCfJ8UOrwDAHIIF9ILAykIySR5x8nguQNLfKaHcUC-MYMeUz8FKlceMzG- HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex, nofollow
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked
|
|
| v1.bundlecdn.com/js/19439.96d7ecd72.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET v1.bundlecdn.com/js/19439.96d7ecd72.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (1290), with no line terminators; Hash: 58a543fe43565013db47c842deddbdf7 3980eab82cf19d21e287735c0d39772d1e68ff54 0b9980a4295e1e3e9b59884e1f055efb14c189cfce38c5c7d894d26e9786b549
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/19439.96d7ecd72.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-50a"
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613300
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafcbcd92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | 200 OK | 5.3 kB |
URL GET v1.bundlecdn.com/img/free-money-link-image.1ada0c9e1-120.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced; Hash: 911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 5274
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
etag: "68430b2e-18d2"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 7179
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6f93f92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Gamomat/bdcaa174-c1f6-4ad3-a194-a630cd2a0a47_0.svg | 154.197.121.128 | 200 OK | 520 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Gamomat/bdcaa174-c1f6-4ad3-a194-a630cd2a0a47_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: d9cd86210fa98ea0ada46cdbbf9fe24e accb35a153043b55af3d754512b52109ace2fffc 4fad15e77e5fe0f1f2671a0410dd254e35540e5eb5221827cdce1b901e119e03
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Gamomat/bdcaa174-c1f6-4ad3-a194-a630cd2a0a47_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e68-208"
last-modified: Wed, 02 Apr 2025 12:32:40 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faffbe392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Wazdan/06ea8d6d-ad8c-4e91-af33-5af726ae2ced_0.svg | 154.197.121.128 | 200 OK | 633 B |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Wazdan/06ea8d6d-ad8c-4e91-af33-5af726ae2ced_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: c37fbaa2ab1d0a52ec7ebac4831d9b25 20e0b2149e1051eb4285cf256307e959419fb950 e5109cfc29aa149113d614b0589b1d711b1f6f956b9d53d314b859806b24e9b3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Wazdan/06ea8d6d-ad8c-4e91-af33-5af726ae2ced_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed1d59-279"
last-modified: Wed, 02 Apr 2025 11:19:53 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1409306
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb28cea92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: a83dc32325a0adef26b23326e57d9bf4 28ca967a0be2671784cb39ae5b057a4bff20fe6f eb59acf1f40f7260e5750689857644b9b8703f195af303745531b96cb59cf8eb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/306/60344c68-15b0-42a4-847b-91a1f8508ad9_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642d7b-873"
last-modified: Thu, 19 Dec 2024 14:28:11 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb54dba92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/XjYxyRdJqftR9En5uassJoDOovhnU9HtyTvsHm_8lnClGU9CjB7YyiH6mxDZSGMC4N8bqFRFSa2BiWKFejc981L8BpiLzxyJ1YXD.jpg@avif | 154.197.121.128 | 200 OK | 39 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/XjYxyRdJqftR9En5uassJoDOovhnU9HtyTvsHm_8lnClGU9CjB7YyiH6mxDZSGMC4N8bqFRFSa2BiWKFejc981L8BpiLzxyJ1YXD.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 2a3a3e280ad07e52e3dbee7695654752 e7d89f67880ebf9ce8bba08c6b16c9f40a6d2560 133f89dc491967b63c8aca27dc257e9c9f3182e50195cb43fed840a9ccb341c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/XjYxyRdJqftR9En5uassJoDOovhnU9HtyTvsHm_8lnClGU9CjB7YyiH6mxDZSGMC4N8bqFRFSa2BiWKFejc981L8BpiLzxyJ1YXD.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:30 GMT
content-type: image/avif
content-length: 39424
cache-control: public, max-age=31536000
content-disposition: inline; filename="XjYxyRdJqftR9En5uassJoDOovhnU9HtyTvsHm_8lnClGU9CjB7YyiH6mxDZSGMC4N8bqFRFSa2BiWKFejc981L8BpiLzxyJ1YXD.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RIjM1YmQxZDgxZjliOGYzNTAyZDUwOGVlOTE5ZmUyYWJhIg"
expires: Sun, 07 Jun 2026 02:01:30 GMT
x-request-id: AW2ixbipoAYM1bYgYXy31
cf-cache-status: HIT
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fdf78f092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/css/index.e36644051.css | 154.197.121.128 | 200 OK | 6.2 kB |
URL GET v1.bundlecdn.com/css/index.e36644051.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: ASCII text, with very long lines (6166); Hash: 83179a393eb16b1e885bce725f988741 25438291c0867fefc5e70e4ce20d06b33cac69a8 9cd374cdc8a23d97567d6d48f28730192396ec85a8be252be912e796f138faec
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/index.e36644051.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: text/css
last-modified: Thu, 17 Apr 2025 14:53:47 GMT
etag: W/"680115fb-1817"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2325397
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f94fa582533-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/99226.6ef22e251.js | 154.197.121.128 | 200 OK | 649 B |
URL GET v1.bundlecdn.com/js/99226.6ef22e251.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (649), with no line terminators; Hash: 3ac293388783902ee222e0d3f30b3e24 8b80ac718c842faf2be1c1ff0642bc73f8fc0cc4 a432781ac417de3c655e6398bd76be5ecb76ce930679b392369f2e0d72192c12
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/99226.6ef22e251.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-289"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa568ab92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-poker@2.a38733e7a-256.webp | 154.197.121.128 | 200 OK | 361 kB |
URL GET v1.bundlecdn.com/img/sprite-poker@2.a38733e7a-256.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: RIFF (little-endian) data, Web/P image; Size: 361 kB (360930 bytes); Hash: 3da44652926631bc4fc847cfcbad6c71 a5f7955272162e543d5db897e200d00d3af22b22 354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/webp
content-length: 360930
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-581e2"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7996f92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_spinmatic_GOLDENRACE/e8af6d6e-3086-4591-ab30-cb9d1746bd4f_0.svg | 154.197.121.128 | 200 OK | 2.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_spinmatic_GOLDENRACE/e8af6d6e-3086-4591-ab30-cb9d1746bd4f_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: fd9d51556040b0bb8bf5471b5acf4d78 b76c67ea7652720d3e0e489524f829c603640bd9 4bbd2157119d18029e21d72a1ebe6d2d40880016d604e745c032f7e780d9503b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_spinmatic_GOLDENRACE/e8af6d6e-3086-4591-ab30-cb9d1746bd4f_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed271c-901"
last-modified: Wed, 02 Apr 2025 12:01:32 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 2335187
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb07c0392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 41b0fd1553e5d2ab350de9ecfc5587c3 f554ce5ec0a2da298bc754fb6a89db1fa0bb3831 db18c0f881526fb26b38d25d78f51714ec8f1f66c3e1cabfac34fd9508c80588
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/64/70e6a05b-06f7-448b-8008-bf93cfa9b008_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642a82-561"
last-modified: Thu, 19 Dec 2024 14:15:30 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252215
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb54db492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/tenant/1/categories/94/44196da4-d8e9-4579-b182-8412cccaa9d5_horizontal.svg | 154.197.121.128 | 200 OK | 1.9 kB |
URL GET v1.bundlecdn.com/casino-images/tenant/1/categories/94/44196da4-d8e9-4579-b182-8412cccaa9d5_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 39787f32a147bf32737ce17134fdfcdd cfe123dff7d691174cf70ab253cb42e5e765a545 fbe6e64aa533f5e90925b9c10b8b1dc87d527dd48f0cd46843ed4c5506fb3daf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/tenant/1/categories/94/44196da4-d8e9-4579-b182-8412cccaa9d5_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"6749ad38-764"
last-modified: Fri, 29 Nov 2024 12:02:00 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb58dd192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| www.google.com/recaptcha/api.js | 142.250.74.68 | 200 OK | 1.0 kB |
URL GET www.google.com/recaptcha/api.js IP 142.250.74.68:443
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: www.google.com; Fingerprint: 84:BD:0D:9A:51:CC:86:3E:E9:2F:6E:7C:2D:58:AC:4C:FB:B5:3D:8C; Validity: Mon, 12 May 2025 08:44:44 GMT - Mon, 04 Aug 2025 08:44:43 GMT
File type: JavaScript source, ASCII text, with very long lines (1017), with no line terminators; Hash: 7baeac2324294bcd212d23ed5bf1e9fc f4374afe02695c1ffa5341538a2ab8f0895cd918 474b3eeb7e3e5941bd326fcf32c9ec1bc6239e181f6c996d67cf1f1bc073750a
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 07 Jun 2025 02:01:21 GMT
date: Sat, 07 Jun 2025 02:01:21 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/75606.308fb34b3.js | 154.197.121.128 | 200 OK | 830 B |
URL GET v1.bundlecdn.com/js/75606.308fb34b3.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (830), with no line terminators; Hash: 38feffc6ec67ff84ff0c936380757c69 3116ced97edf6c1b605bfe6f8f6a5eab8227576c f02001f81078dfc1aeb341fa70c895cbeb2987df0764057ee03497eee22ff028
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/75606.308fb34b3.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-33e"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4182592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/fss/translations/en?domain=1w-jp-ftend-pp.top&appName=web | 186.2.162.102 | 200 OK | 491 kB |
URL GET 1w-jp-ftend-pp.top/fss/translations/en?domain=1w-jp-ftend-pp.top&appName=web IP 186.2.162.102:443
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Let's Encrypt; Subject: 1w-jp-ftend-pp.top; Fingerprint: D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D; Validity: Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
Size: 491 kB (490687 bytes); Hash: fdd0e397c36c176ade5c45615f40e424 14b45c376718a352cf21b48d2cce569946b39cc9 fd6c10bd460723bf5398afd9b512828df69196ecbbf1ee6d139233f57d5ae866
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fss/translations/en?domain=1w-jp-ftend-pp.top&appName=web HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Origin: 1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: __ddg8_=HaikxEFyvudnBesn; __ddg10_=1749261679; __ddg9_=91.90.42.154; __ddg1_=KSoY9uwf9i8O4qnFOkqt; visit_domain=1w-jp-ftend-pp.top; 1w_lang=en; fvt=2025-06-07T02:01:20.009Z; AMP_TLDTEST=MQ==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=tamrv30qvnn0f2Hd; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
__ddg10_=1749261680; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:20 GMT
date: Sat, 07 Jun 2025 02:01:20 GMT
content-type: application/json; charset=utf-8
content-length: 126109
x-request-id: c7b20205423cf998dcafbcb24e55c3a1
vary: Origin
access-control-allow-origin: *
etag: W/"cdf0b-SY57PTpfciqkwypN86hF2BdHpuA"
content-encoding: gzip
x-trace-id: c7b20205423cf998dcafbcb24e55c3a1
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/82379.f30bef3e6.js | 154.197.121.128 | 200 OK | 668 B |
URL GET v1.bundlecdn.com/js/82379.f30bef3e6.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (668), with no line terminators; Hash: 3e076f95e87801c6a3e8e40e99da7a39 6131038844412a1dde446df36c69bc83a1faaa90 d227a5c80bdf9e81978f8631b3c47754dab2b06646ae41fc36899c640452d5a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/82379.f30bef3e6.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-29c"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613318
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa618e192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-roulette@2.255074856-256.webp | 154.197.121.128 | 200 OK | 720 kB |
URL GET v1.bundlecdn.com/img/sprite-roulette@2.255074856-256.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: RIFF (little-endian) data, Web/P image; Size: 720 kB (719644 bytes); Hash: 344d71695bd0f387fedd84fba6ace2c1 1d37e2d66ab1098072febc0a0dc3769d44090048 7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/webp
content-length: 719644
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-afb1c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7695d92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/1win%20games.e1a2e735d.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/img/1win%20games.e1a2e735d.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: 1383b6ab84546c641aeacf14935c5c1e fe9e5ab01513a8c6670af72efdebd05820e78acd 91acb29055e01d379707fd3853770ae895f3f4f42d6bb1aab160db907443a6c8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.e1a2e735d.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-868"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad0ade92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/playtech.37dbca5ed.svg | 154.197.121.128 | 200 OK | 2.5 kB |
URL GET v1.bundlecdn.com/img/playtech.37dbca5ed.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/; Certificate Issuer: Google Trust Services; Subject: v1.bundlecdn.com; Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87; Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image; Hash: dc33b5c599201914456e2dfebb6e00f6 3e33ce385444930ed6f222b075dd4df883a4a1fb b8da4393ca5005fdc07e1d1dd192b157d7f488ea402bbd1fa1d5a9383c73da64
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/playtech.37dbca5ed.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-9e4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 7180
expires: Sat, 07 Jun 2025 06:01:23 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1bc8592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/7b0f67e2-89ca-4177-ae19-f0ee994f7593.jfif@avif | 154.197.121.128 | 200 OK | 4.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/7b0f67e2-89ca-4177-ae19-f0ee994f7593.jfif@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 9c1be9478d87cb154ff0af8ca88aa502 7ad7ff6a6541975f59a3b0fb9f9b22f86f55cba0 d705103a5a975b206bd81c8e431076edcb7139d783907bfe9be2ccbafdcc62a9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/7b0f67e2-89ca-4177-ae19-f0ee994f7593.jfif@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4298
cache-control: public, max-age=31536000
content-disposition: inline; filename="7b0f67e2-89ca-4177-ae19-f0ee994f7593.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjFkMTQ0LTEyNmU3Ig"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: BXU_f038-21lIiREx0phC
cf-cache-status: HIT
age: 1592107
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb86ec392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| 1w-jp-ftend-pp.top/ | 186.2.162.102 | 200 OK | 57 kB |
URL GET 1w-jp-ftend-pp.top/ IP 186.2.162.102:443
Certificate Issuer Let's Encrypt Subject 1w-jp-ftend-pp.top Fingerprint D8:19:54:6C:72:76:2A:9F:4D:9C:E8:D4:AB:99:90:76:B0:36:E2:3D Validity Sun, 01 Jun 2025 03:16:50 GMT - Sat, 30 Aug 2025 03:16:49 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (14772) Hash 1a9019d61897e66ea6676e9ea27dfd1c 0af54d4ad5a7d867b1af6c6c4dba226c9797ecc6 4eb64b041507405acbb399e1ee16f6931ae8df1ec1aff962e2eab295cbeaff6f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 1w-jp-ftend-pp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg8_=FVB36ypd0IIeggw9; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg10_=1749261678; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg9_=91.90.42.154; Domain=.1w-jp-ftend-pp.top; Path=/; Expires=Sat, 07-Jun-2025 02:21:18 GMT
__ddg1_=KSoY9uwf9i8O4qnFOkqt; Domain=.1w-jp-ftend-pp.top; HttpOnly; Path=/; Expires=Sun, 07-Jun-2026 02:01:18 GMT
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: text/html; charset=utf-8
x-request-id: 659aa15fb76e54f95714dd0b53279f66
vary: Origin
access-control-allow-origin: *
x-trace-id: 659aa15fb76e54f95714dd0b53279f66
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | 200 OK | 44 kB |
URL GET v1.bundlecdn.com/font/SFNSText-latin.f09aa5229.woff2 IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type Web Open Font Format (Version 2), TrueType, length 43512, version 1.0 Hash 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://v1.bundlecdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:19 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
etag: "68430b2d-a9f8"
expires: Tue, 05 Jun 2035 02:01:19 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f9ade0092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/65525.9fb61e577.js | 154.197.121.128 | 200 OK | 530 B |
URL GET v1.bundlecdn.com/js/65525.9fb61e577.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (530), with no line terminators Hash d78cdc954af81a764fc9bcea33434f81 9f81b3be01a5dff0d838367424b84e377309f681 1ebc82d0cda95bd4cd2385302238df34421cd4663148ff8c480e42e489655728
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/65525.9fb61e577.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-212"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4884f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/icons-pack-social.8077663e7.js | 154.197.121.128 | 200 OK | 25 kB |
URL GET v1.bundlecdn.com/js/icons-pack-social.8077663e7.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (24959), with no line terminators Hash 3e34be221ca9882a95d20a062a4b9349 3041a896201f8c1c0723f1d661abf42939b214cc be9a62e6672049f7313631e652e86a3b320d165c5c3586e0a9a3c77f54266ff2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-social.8077663e7.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-617f"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 465
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6790992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png | 154.197.121.128 | 200 OK | 27 kB |
URL GET v1.bundlecdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced Hash 9a35699413d56978ea4af6896f0aa16c c22d50770f376a17d5539919541496a1e1e5a626 396126da9646bf2bf8d5a2a9f1e449391db7861540ad243e0ca8c3e0c40fd012
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 27297
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29770
etag: "68430b2d-744a"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7695c92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_7Mojos%20Slots/d09d5de5-50a6-465c-820a-ae719dc1bb8e_0.svg | 154.197.121.128 | 200 OK | 6.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_7Mojos%20Slots/d09d5de5-50a6-465c-820a-ae719dc1bb8e_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash cfae3107c14ebe1cda6bbbabdf591464 044e464a9f05a49df84ca389f29ee9513f33285c 023b279e2023e60fb74139f1f7bd78a4448468cd282c8a723b3a99681db90e68
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_7Mojos%20Slots/d09d5de5-50a6-465c-820a-ae719dc1bb8e_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed3528-1b11"
last-modified: Wed, 02 Apr 2025 13:01:28 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad7b1392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_orchestra_Slotopia/a3f6b071-669b-4d45-9beb-f885d1e07284_0.svg | 154.197.121.128 | 200 OK | 1.2 kB |
URL GET v1.bundlecdn.com/casino-images/prov_orchestra_Slotopia/a3f6b071-669b-4d45-9beb-f885d1e07284_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 1fec54e2a0699796163463250cdceca5 d9714c105dc62547c16b0555a7398a98371895e0 081966b893786452c59bdb3445dc0efdb8e751a7088d099122c7ccc75c25160b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_orchestra_Slotopia/a3f6b071-669b-4d45-9beb-f885d1e07284_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed306b-4a4"
last-modified: Wed, 02 Apr 2025 12:41:15 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cac92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Truelab/a31d3e7a-bb73-458b-8596-b6d90c48350b_0.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Truelab/a31d3e7a-bb73-458b-8596-b6d90c48350b_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 36616c20d2952d69bfbf14c480ad5e90 0fc08090120127fbc5243efb950baad1cc6a37cf 23cafe694b66055c00e778731afa71faf315f4401f3d5e257082ea16a284652f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Truelab/a31d3e7a-bb73-458b-8596-b6d90c48350b_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2e5b-977"
last-modified: Wed, 02 Apr 2025 12:32:27 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662743
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb27ce292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/css/chunk-common.431d634a4.css | 154.197.121.128 | 200 OK | 96 kB |
URL GET v1.bundlecdn.com/css/chunk-common.431d634a4.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type ASCII text, with very long lines (65536), with no line terminators Hash ca94229fce925e33cfc8c396d7fb9353 67109172ba278f583ca68b3bc449b568ea3fe519 6a92852b436df13f15f3889a09be5a6b30333c93a92d918732c8b2a38f09e93b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/chunk-common.431d634a4.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: text/css
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-17750"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41734
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f94fa5c2533-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/88999.69010206a.js | 154.197.121.128 | 200 OK | 750 B |
URL GET v1.bundlecdn.com/js/88999.69010206a.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type JavaScript source, ASCII text, with very long lines (750), with no line terminators Hash e6864e3ac42a6196213ff1e806c6cfbf b12d7e090b596093142f552ec1710523ea8bf8af 55354a86cd0d368182824c8856b3467026b18a0b1837052033d510b7cea3c4fd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/88999.69010206a.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-2ee"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1612000
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4482f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Zillion/7b3929ed-7f1a-4b03-99e9-cea038d2cb60_0.svg | 154.197.121.128 | 200 OK | 772 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Zillion/7b3929ed-7f1a-4b03-99e9-cea038d2cb60_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 098577649f8bb8be33f2708e608bfab5 62ce76cb1a61f240631c308352537e9f8c98f9aa 8ea6c2c49f7a2d0411b58752adf34a36a55108b63536f026b531baae30a448ea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Zillion/7b3929ed-7f1a-4b03-99e9-cea038d2cb60_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f24-304"
last-modified: Wed, 02 Apr 2025 12:35:48 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4849535
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb2acf192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| wss://cf.1win.direct/v4/socket.io/?Language=en&xorigin=1w-jp-ftend-pp.top&EIO=4&transport=websocket | 154.197.121.130 | 101 Switching Protocols | 0 B |
URL GET wss://cf.1win.direct/v4/socket.io/?Language=en&xorigin=1w-jp-ftend-pp.top&EIO=4&transport=websocket IP 154.197.121.130:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject cf.1win.direct Fingerprint 88:6C:D9:A8:E3:73:8C:BA:6F:CC:73:5A:31:D7:B4:42:AA:CB:D8:65 Validity Sat, 12 Apr 2025 11:44:38 GMT - Fri, 11 Jul 2025 12:44:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1w-jp-ftend-pp.top&EIO=4&transport=websocket HTTP/1.1
Host: cf.1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1w-jp-ftend-pp.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rI/ys2sK+Mi9BoJu1HzQWQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 07 Jun 2025 02:01:20 GMT
Connection: upgrade
Sec-Websocket-Accept: Lue7thbxBn8rjGXDz9smxXSPhrU=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=47ee671c5456519e; Path=/; HttpOnly
Upgrade: websocket
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 94bc8f9d8a85abd2-CPH
alt-svc: h3=":443"; ma=86400
|
|
| v1.bundlecdn.com/img/itf.9b1402c42.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL GET v1.bundlecdn.com/img/itf.9b1402c42.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash e7c2e5e54432a6999d45719ec5ea989c 03a1e0c37c60f3346fe3f33f8d7df30bdd5f0a26 026787d253a7364e39e9ae5e850d4e0746e7125372b1909ccdf9a0eed00e5163
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/itf.9b1402c42.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-af0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabea7492f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif | 154.197.121.128 | 200 OK | 33 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash 860c479c7c2d3036efd7c79eda593499 59dfdff6a5febe0de17ebc393bca945052a2fc4f 75509d9970c2e6248a659ad60e6dc7637099eca77668a4454587aaa40dbc5925
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://d1x0nzb6t1pnx3.cloudfront.net/banner-files/z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/avif
content-length: 33339
cache-control: public, max-age=31536000
content-disposition: inline; filename="z67oIQsNe-SbRut19iwRLnQMxN5sEskGBneACxZKhB27yLIduB3YquFOJoMwiXJxb6oi0Hua7kerqTKRXm2zI-YYjJtd_RkCgrmk.avif"
content-security-policy: script-src 'none'
etag: "xlg5b1aJN0wEm5fM9W-pwGes5IuQ2UVu2WSuFNlmdfI/RImUwNzg3NGJjNzQ2ZGUzMzk1MWNkMTA0ZjMyZWIwYjcxIg"
expires: Sun, 07 Jun 2026 02:01:21 GMT
x-request-id: lWm_1HU5xrqlnhDEfCJgb
cf-cache-status: HIT
age: 1247995
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa8299592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Clawbuster/412f5e2d-922a-43cc-bd1e-5b88cb157d5c_0.svg | 154.197.121.128 | 200 OK | 7.2 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Clawbuster/412f5e2d-922a-43cc-bd1e-5b88cb157d5c_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash feac734a441ac9722f55a3b6d422c57d d7cb881ce0958f24ac42b72233c472b105c3d22d 5defce4733b463404c4093929c9c9f3b02ff20a1dd676849dd3068fbf8735c0f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Clawbuster/412f5e2d-922a-43cc-bd1e-5b88cb157d5c_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f54-1c26"
last-modified: Wed, 02 Apr 2025 12:36:36 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 301335
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf8bb292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_v_Gamebeat/db07b2cd-ae17-44a8-8128-d26915c3377f.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_v_Gamebeat/db07b2cd-ae17-44a8-8128-d26915c3377f.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 5492804c09450801011315222680683c 24616520d32be8f2a70772f1ebc4aa92a6c6cb89 a2363d5c107412d7d2f4a7c07ea99dc8eabe07ea06c1ee9ca074111e910fea95
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_v_Gamebeat/db07b2cd-ae17-44a8-8128-d26915c3377f.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"682f481e-672"
last-modified: Thu, 22 May 2025 15:51:58 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1331932
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafebd892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/260/55778580-3fe9-482c-ac6e-926b9884a42f_horizontal.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/260/55778580-3fe9-482c-ac6e-926b9884a42f_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by https://1w-jp-ftend-pp.top/ Certificate Issuer Google Trust Services Subject v1.bundlecdn.com Fingerprint 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type SVG Scalable Vector Graphics image Hash 71e0912bde7be739d96db894ecb36aa9 58138f1cf533dc7ad6892fb7b698dda8cfc05af3 700e180efeba57e40f5f5c6280fde3cfedb9ac856fbebd9c5015c5a7ca53c379
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/260/55778580-3fe9-482c-ac6e-926b9884a42f_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67a1ec81-43c"
last-modified: Tue, 04 Feb 2025 10:31:29 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5bddf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif | 154.197.121.128 | 200 OK | 6.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hashd1bf483eaa49e04cb9cc970b59f6b015 2a0ba2d6a253d11fc9cd60fcf3a32ebca69ec863 d0f65821eb5d1cb4dea4cfec83e872a97ce69cd873603fab3749c0cb21abf48f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/8cd3ae6e-3840-454e-8e42-434cd48af16c.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 6303
cache-control: public, max-age=31536000
content-disposition: inline; filename="8cd3ae6e-3840-454e-8e42-434cd48af16c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MTY2NmI4LTJiMmQxIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 2KkSJ3tq6hhdkRS5hD4uC
cf-cache-status: HIT
age: 1908538
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ce8092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/css/82899.e5e89e630.css | 154.197.121.128 | 200 OK | 12 kB |
URL GET v1.bundlecdn.com/css/82899.e5e89e630.css IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeASCII text, with very long lines (12496) Hash74015b608727252d88099ff6e7266b92 5400496307d253dbabe13e96ea76a98e3a651393 2d31423b8f1679842717af03119d8d9b1371567688185f670e9761601b2fde01
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/82899.e5e89e630.css HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: text/css
last-modified: Thu, 05 Jun 2025 13:52:37 GMT
etag: W/"6841a125-30d1"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2dfdc92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-poker-frame@2.50a0c1527-256.png | 154.197.121.128 | 200 OK | 9.4 kB |
URL GET v1.bundlecdn.com/img/sprite-poker-frame@2.50a0c1527-256.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashe46f588febb018229e3c2450c4a3d4f0 4904652973205c308ead578918f7ff5a6a27bf0e 855739792866720d46d60d1a9696327132ecb9a4e9420ec40a861c41a6e57e20
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-poker-frame@2.50a0c1527-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 9422
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10453
etag: "68430b2d-28d5"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7996e92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0bb7b6ac-ee39-46b2-95ca-1a98bca6e6f0_horizontal.png@avif | 154.197.121.128 | 200 OK | 4.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0bb7b6ac-ee39-46b2-95ca-1a98bca6e6f0_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash525025c591cd3a3091bd9c61dcb339fd be1c899d431040fa3bf14d09be43e93841fb505e 9d3c08ce3204e8c0bc0f7739b975c8d2e4d489907157e3d53e2afdf79a84e936
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/0bb7b6ac-ee39-46b2-95ca-1a98bca6e6f0_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4232
cache-control: public, max-age=31536000
content-disposition: inline; filename="0bb7b6ac-ee39-46b2-95ca-1a98bca6e6f0_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NDc1Mzg2LTM5YmExIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: 3l_YAWJxEfIeiVd4kauRE
cf-cache-status: HIT
age: 2121784
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8392f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/3170bc60-1ae2-403d-94c7-0bb9dad9cc60.jpg@avif | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/3170bc60-1ae2-403d-94c7-0bb9dad9cc60.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash61a79043ff7ef1b6e81851766fc4cf28 9a38c5ef3892b169c36dba1059e9f8054af40698 4deea61adcbca5cd2c23c0fe4856b38a6107ee537122cb3d01308828a0842fc4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/3170bc60-1ae2-403d-94c7-0bb9dad9cc60.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 5174
cache-control: public, max-age=31536000
content-disposition: inline; filename="3170bc60-1ae2-403d-94c7-0bb9dad9cc60.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3MjFjY2FlLTEyZjkwIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: cOHwkosHnuH_fOd9rq_Hc
cf-cache-status: HIT
age: 1225901
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb84eb692f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/7x57BiguQbWhzYB8?608065a642e8fb23=4r8EXUfzXQHaimb7Va-Fd0qRipwyzoJoQ2WAjrJP3zElg4GPgwrx3l9WrWYWcSF83gKqWUtOAAbFtqj_F57rX0wfeBF6lQQdR0bR5hVPFk1Ukf8ELpM-zqGNebMPZRR0berro3oSR22_yuu3YwT1-P9CY71jcbQfVqinUc-HhXSl | 91.235.132.77 | 200 OK | 221 kB |
URL GET res.1wcommon.com/7x57BiguQbWhzYB8?608065a642e8fb23=4r8EXUfzXQHaimb7Va-Fd0qRipwyzoJoQ2WAjrJP3zElg4GPgwrx3l9WrWYWcSF83gKqWUtOAAbFtqj_F57rX0wfeBF6lQQdR0bR5hVPFk1Ukf8ELpM-zqGNebMPZRR0berro3oSR22_yuu3YwT1-P9CY71jcbQfVqinUc-HhXSl IP 91.235.132.77:443
Requested byhttps://res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/accou
nt_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx CertificateIssuerSectigo Limited 
Subjectres.1wcommon.com FingerprintCA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 ValidityWed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (15506) Size221 kB (220971 bytes) Hashb842f8168e31ae6d51601d8d009763ef b7920a4cd2f9e2d26fc09c9cc29f2caa9471eacc 1f8852599777f28f1a58e05c933e919e0dc71865715a45b0624e560214c1b722
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /7x57BiguQbWhzYB8?608065a642e8fb23=4r8EXUfzXQHaimb7Va-Fd0qRipwyzoJoQ2WAjrJP3zElg4GPgwrx3l9WrWYWcSF83gKqWUtOAAbFtqj_F57rX0wfeBF6lQQdR0bR5hVPFk1Ukf8ELpM-zqGNebMPZRR0berro3oSR22_yuu3YwT1-P9CY71jcbQfVqinUc-HhXSl HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://res.1wcommon.com/F5u2SVjfitTp99fW?e89a8b0e0925a104=F_-MzJrI8a7yKwXeOU_bcV2ElVv_YJ9Ej3Z9W5x-WpsCoWVArFn7FcGSqZRSTpntvsVL_44reSsbEbvk_dqWEuKxgrla5mv6RNduoMLnKmSc8trkka1g-wTUcWfu7VL2E6IsR5cT6hHinoIYBJRzg2PLNRA&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_
overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 91d3820e94ac05e0
X-Robots-Tag: noindex, nofollow
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
|
|
| v1.bundlecdn.com/js/chunk-common.c3c9bd5d1.js | 154.197.121.128 | 200 OK | 1.4 MB |
URL GET v1.bundlecdn.com/js/chunk-common.c3c9bd5d1.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65485), with no line terminators Size1.4 MB (1436203 bytes) Hash61b581055a0285662a06714ae63ba0fc 3e0749162fe3c7898b11883cce8102ba1ceb8cdc 001a7f04ff6c666751d41e17f57f84a652b3809ba171b7fb86f4445de850f042
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.c3c9bd5d1.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-15ea2b"
expires: Tue, 05 Jun 2035 02:01:18 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41734
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8f94fa592533-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/1/categories/30/5991b67d-d4e9-4858-b009-2caad9217875_horizontal.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/30/5991b67d-d4e9-4858-b009-2caad9217875_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash71e0912bde7be739d96db894ecb36aa9 58138f1cf533dc7ad6892fb7b698dda8cfc05af3 700e180efeba57e40f5f5c6280fde3cfedb9ac856fbebd9c5015c5a7ca53c379
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/30/5991b67d-d4e9-4858-b009-2caad9217875_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67ee8b88-43c"
last-modified: Thu, 03 Apr 2025 13:22:16 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 997523
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dc892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_Barbara%20Bang/9d5ad32e-b414-4186-89fa-f4b49301f7f7_0.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_Barbara%20Bang/9d5ad32e-b414-4186-89fa-f4b49301f7f7_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash52324d7fb8ffb6a02a7f017453cc845d 223d488908c56007b3849e1675d667451ee909d3 b9f4741304daf738afa992d063a3e5bd36cdcbc11a722c69b0da09621bb2215a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_Barbara%20Bang/9d5ad32e-b414-4186-89fa-f4b49301f7f7_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f07-2a83"
last-modified: Wed, 02 Apr 2025 12:35:19 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2648053
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faecb7292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Onlyplay/9dfe4ccd-dda9-462d-9771-cb87611ddee8_0.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Onlyplay/9dfe4ccd-dda9-462d-9771-cb87611ddee8_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash689a09445bf4fcdb16a78e76c48143a0 bf0d2ce2bfc9ad2c0d639ae7c00a49a25ca5cf2d 376265740272609bd1ef2c5e4f222bf04887c994cd2be82eee11ab4607903ac0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Onlyplay/9dfe4ccd-dda9-462d-9771-cb87611ddee8_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed29d8-63e"
last-modified: Wed, 02 Apr 2025 12:13:12 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665077
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb18c6392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| routerpp.life/api/v1/product-visits | 154.197.121.200 | 200 OK | 0 B |
URL OPTIONS routerpp.life/api/v1/product-visits IP 154.197.121.200:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectrouterpp.life Fingerprint54:BC:16:29:E4:18:62:66:8B:32:32:06:55:91:CE:FE:5A:89:41:0B ValidityTue, 29 Apr 2025 13:45:18 GMT - Mon, 28 Jul 2025 14:45:16 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /api/v1/product-visits HTTP/1.1
Host: routerpp.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-unique-key
Referer: https://1w-jp-ftend-pp.top/
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://1w-jp-ftend-pp.top
access-control-allow-methods: POST
access-control-allow-headers: content-type, x-unique-key
x-content-type-options: nosniff
x-xss-protection: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=vYXmUIRZo3lWEPzE6MGxj74kUfYfgl59bWX213N6RHY-1749261681-1.0.1.1-oB90YaFj9L.rHmzPq7Ngbt3w67BGkvxhvbdu2VJ0i6MP7RTG_aCwPtgRWhkJJy7pVglffjyceB9Js_2TWDlR95GhU6Ltl4yT9IdXeXtKV94; path=/; expires=Sat, 07-Jun-25 02:31:21 GMT; domain=.routerpp.life; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 94bc8fa27a25b24b-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-548949LWLW&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 | 142.250.178.104 | 200 OK | 350 kB |
URL GET www.googletagmanager.com/gtag/js?id=G-548949LWLW&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 IP 142.250.178.104:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (6079) Size350 kB (349533 bytes) Hash6bacd88921ca24402da00392391bca41 7cc4dea6a5b3b483a752d97fd243c1f7c914721f 774fdfc076ce5b7b3bbcd2cc8c3903ca146ab719debdd9d358aacc332897a4cb
GET /gtag/js?id=G-548949LWLW&cx=c&gtm=45He5641h1v894400803za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 02:01:24 GMT
expires: Sat, 07 Jun 2025 02:01:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 120528
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.gstatic.com/recaptcha/releases/GUGrl5YkSwqiWrzO3ShIKDlu/recaptcha__en.js | 142.250.178.67 | 200 OK | 652 kB |
URL GET www.gstatic.com/recaptcha/releases/GUGrl5YkSwqiWrzO3ShIKDlu/recaptcha__en.js IP 142.250.178.67:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.gstatic.com Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT
Size652 kB (651660 bytes) Hash1aadd838404a995920bd370418096fa7 72ccf13ddc94c03066e247b7f7bda9ed73840bd2 a67763d4fedab30d8e8b8d88259de236c56b00d8be78c741083ca2178c19bc8a
GET /recaptcha/releases/GUGrl5YkSwqiWrzO3ShIKDlu/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 276832
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jun 2025 19:00:00 GMT
expires: Wed, 03 Jun 2026 19:00:00 GMT
cache-control: public, max-age=31536000
age: 284483
last-modified: Mon, 26 May 2025 16:43:37 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Fantasma/19dc659d-57bc-4ca3-a5ad-2cc90dbfbc60_0.svg | 154.197.121.128 | 200 OK | 3.3 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Fantasma/19dc659d-57bc-4ca3-a5ad-2cc90dbfbc60_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: de9d7bb724b9660834da9824cbcf3c91 b10fefb86bbea1fd097f5ade83ea774d5008ee34 ef963069c0fa46aa120dcf5a2d9b3b019d2ed7d3c5d6a9f7be146bfa34da9801
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Fantasma/19dc659d-57bc-4ca3-a5ad-2cc90dbfbc60_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2b8b-ce2"
last-modified: Wed, 02 Apr 2025 12:20:27 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafbbc692f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_Mancala%20Gaming/c3164eda-1598-4593-82cc-d1112faa6d1a_0.svg | 154.197.121.128 | 200 OK | 3.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_Mancala%20Gaming/c3164eda-1598-4593-82cc-d1112faa6d1a_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 4693915341351972958eb0593ab5c3ed 1050346dc0c7fd3fef4609964478e40b50042786 2b2bb401ddeebe092012fa2ceefe5f0361cb43e002c6aab8ac3077276d689d56
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_Mancala%20Gaming/c3164eda-1598-4593-82cc-d1112faa6d1a_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed289d-d5d"
last-modified: Wed, 02 Apr 2025 12:07:57 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665077
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb12c3592f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_OneTouch/1ee15b6f-e71e-4c8f-bcfc-aaf594a8efe3_0.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_OneTouch/1ee15b6f-e71e-4c8f-bcfc-aaf594a8efe3_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: f4f6536e83f4837bce46f401ce003261 e02d4f0f2190e614d23ee53ed0880e6754d852c0 a20d00154a3fd1bf5d3e91aec93621ae2478b5dccbe68d7a15c1c8bffba5b133
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_OneTouch/1ee15b6f-e71e-4c8f-bcfc-aaf594a8efe3_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed26e6-aa8"
last-modified: Wed, 02 Apr 2025 12:00:38 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664974
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb18c6292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET v1.bundlecdn.com/img/rubyplay.b4553f39e.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 69680c6fbb3e9c1866a18ef69941e53b 54433c16936ad4f5e78965f8d1131598c83a4ad3 d49a2dc21164a4859ff8dc325d96b7bd21627cde27223aa8e6efc484326f7978
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1465
expires: Sat, 07 Jun 2025 06:01:23 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fca392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/35811.2eedba7f4.js | 154.197.121.128 | 200 OK | 915 B |
URL GET v1.bundlecdn.com/js/35811.2eedba7f4.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (915), with no line terminators Hash: 2ef6e14b282351a3e22c4f2fae153787 8221a39b7007f74c692a83ee84692d4f6be03eb2 e7a26e6aeb1c52be2e56eb6e32ff9b8fd65ba191afab67a3e08c41ca336ebca0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/35811.2eedba7f4.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-393"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613345
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6c92992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/pwa_ios_en.f08ddb1e6-690.png | 154.197.121.128 | 200 OK | 35 kB |
URL GET v1.bundlecdn.com/img/pwa_ios_en.f08ddb1e6-690.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash: 232d05b165c6b0fc9695db490aa71f47 f04ccc74ebd190747114ceeb882d51db8e9268c6 9f1c5e7317322a12fab89e9a96b3c4dcb22381d5751128217b168e3477e5e207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_ios_en.f08ddb1e6-690.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 34925
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=39066
etag: "68430b2d-989a"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa869ab92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/betraja.5cf6f15c0-75.png | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET v1.bundlecdn.com/img/betraja.5cf6f15c0-75.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 75 x 75, 8-bit colormap, non-interlaced Hash: 2840e342f235c6d7d76db654ff6a0edd 8f81dc2954a1e234394d7b284e02742730f25f37 2ad89292fa4c717acf6c24a9fa1f4c795f1e63f7e03bd4800c73f989c595a950
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betraja.5cf6f15c0-75.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/png
content-length: 1054
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1174
etag: "68430b2e-496"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 1472
expires: Sat, 07 Jun 2025 06:01:22 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fabea7d92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/251/5c6ffdb7-0191-4719-aa2b-d593c99e77e7_horizontal.svg | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/251/5c6ffdb7-0191-4719-aa2b-d593c99e77e7_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 29332f760e9b13d868dde4da5fa7177d 6df587d2e8df82012fe179f64df24fa328a517b3 a691731b365c8c7b66bac42e15c14d04e7ad557fa69fbf003fc17858237981f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/251/5c6ffdb7-0191-4719-aa2b-d593c99e77e7_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"6764294d-a66"
last-modified: Thu, 19 Dec 2024 14:10:21 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 1856273
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb57dc992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210010/90961cb0-8b04-4beb-9798-e3b44ffb2954_horizontal.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210010/90961cb0-8b04-4beb-9798-e3b44ffb2954_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210010/90961cb0-8b04-4beb-9798-e3b44ffb2954_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"677fb080-d8c"
last-modified: Thu, 09 Jan 2025 11:18:24 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252214
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5addc92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_gamzixbilliewild_billiewild.png@avif | 154.197.121.128 | 200 OK | 4.9 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_gamzixbilliewild_billiewild.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 75082c0ee4b03a882abc811db710362f afe76803422fa4e72da84b676cffcf1fcae9bf38 3bd19f2e676c50df33d3e867aaf658b7a39328b9fb6cc986988a15e4ca1f4956
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/v/h_gamzixbilliewild_billiewild.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4906
cache-control: public, max-age=31536000
content-disposition: inline; filename="h_gamzixbilliewild_billiewild.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjVkMGI2LTgxMzki"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: D1OVqGFRnSAxoIl9h7k_6
cf-cache-status: HIT
age: 291619
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7fe9592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/1win-normal.5a6f93b4b.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET v1.bundlecdn.com/img/1win-normal.5a6f93b4b.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 59e94959643f38855d4d3d34b88616be 417ce9365109c41552472bdb0ae007510167afbb ca6adc7a5013f9e7435bbb589460fe9cdb5bfd17efd738493b728ee21e77d0a2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1win-normal.5a6f93b4b.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-a26"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 3505
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa4a85f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/speed-and-cash.dffacd6c5.svg | 154.197.121.128 | 200 OK | 24 kB |
URL GET v1.bundlecdn.com/img/speed-and-cash.dffacd6c5.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 3c62bcde419e822cfa55d45a05fa112d 77631a7cbc25e1d4567b72cc5b8c4acb43c7eb38 feb59050cb394075bb3efee348121151a8a214d673e69b1a3b8021e85a46c5f0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/speed-and-cash.dffacd6c5.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-5bb7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6633
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa568a892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_infingames_3%20Oaks%20Gaming/00c09d90-bd63-4cec-8d25-7fad060cbc7c_0.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET v1.bundlecdn.com/casino-images/prov_infingames_3%20Oaks%20Gaming/00c09d90-bd63-4cec-8d25-7fad060cbc7c_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: f1f368134b4a4b7060c603acdd03d9e9 40406e77cc484609357fe594beb491cdde71f5d8 9a49ea36821a2bf5bab4b4c82905591174990362be3907962a33db624fa69827
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_infingames_3%20Oaks%20Gaming/00c09d90-bd63-4cec-8d25-7fad060cbc7c_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed288c-bf9"
last-modified: Wed, 02 Apr 2025 12:07:40 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5664846
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad0ae092f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_TopSpin/67dbc1ad-e7d9-46d6-9da4-de6236ef34c6_0.png | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_TopSpin/67dbc1ad-e7d9-46d6-9da4-de6236ef34c6_0.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 300 x 98, 8-bit colormap, non-interlaced Hash: 2559a4fbb143eebce7462fe5251aaa65 89ba22269638d2c9f2900c17d1b24dc94b19b13f 89dc978f91774e23b228f241801d641062aff06db62357c128503187149bcba0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_TopSpin/67dbc1ad-e7d9-46d6-9da4-de6236ef34c6_0.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 2635
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5128
etag: "67ed5d1f-1408"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Wed, 02 Apr 2025 15:51:59 GMT
x-cache-status: HIT
cf-cache-status: HIT
age: 5649347
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb27ce192f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg | 154.197.121.128 | 200 OK | 3.0 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image Hash: 3a3ba6acc5b15480eded91d8b673d9af 5800f6bda7fcc9443ee3e153f89105330ee2f8f0 7424f04641a898bc83fb68b02dc292039072a3ae3bcefbbcd11333f04b1a702b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/81/c9c8bf1f-d3ea-4d33-b0d3-3eb388900e16_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67642c73-b9d"
last-modified: Thu, 19 Dec 2024 14:23:47 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 8252215
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb54db792f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/4c69f350-897f-4406-b178-81cb183d280b_horizontal.png@avif | 154.197.121.128 | 200 OK | 6.2 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/4c69f350-897f-4406-b178-81cb183d280b_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: d913edc402898f1a0bb9206acce25aee eee6743a782c3d1e0170c419e2b946758e9e3d14 18dd40d0d83c9fbe2ae888ec285078b5e2848d7c6b128a895d8ca60431217c20
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/pragmatic/4c69f350-897f-4406-b178-81cb183d280b_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 6248
cache-control: public, max-age=31536000
content-disposition: inline; filename="4c69f350-897f-4406-b178-81cb183d280b_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MjRhOTI5LTM5MzNlIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: Yws4PS75rLn30fWxMD4Y7
cf-cache-status: HIT
age: 2022548
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb84eb792f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jb=3136246c71693f663f666330633c316631376d3c3b386269616637653d3537336137643463623b | 91.235.132.77 | 200 OK | 0 B |
URL GET res.1wcommon.com/yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jb=3136246c71693f663f666330633c316631376d3c3b386269616637653d3537336137643463623b IP 91.235.132.77:443
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Sectigo Limited Subject: res.1wcommon.com Fingerprint: CA:57:9A:79:5A:DA:C3:1F:13:79:8E:6D:47:D3:CE:AC:9B:E3:07:28 Validity: Wed, 04 Dec 2024 00:00:00 GMT - Sun, 04 Jan 2026 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /yYj_JBkOeLgxvDmw?2ded977582b616b3=wJuakHCnX-EE7VxqhM9lH7rRbkIFFlLsjyj6r445m73EZ4O4ovUfYvAtVEvVNoE8tGSivBvChXRVrgFtjMKPd7zjghjGApM7MI7JGDPqQZhDfjEs_h1bNGvt-QjLlwEMmy02kvnVlaNjbNuS5rzrrmikbts&jb=3136246c71693f663f666330633c316631376d3c3b386269616637653d3537336137643463623b HTTP/1.1
Host: res.1wcommon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Cookie: thx_guid=1822d361c68f65cff7bbe04c52d309b0; tmx_guid=AAw6PUcB4sg64sibo0iD2O5yGB-Oy3QS8DpTK0nCRRr0Og_jbqsd-37Hw33OnpttNR1AnAp7gqKK7mAqYxMK8J7RMAEPzg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 02:01:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/javascript
|
|
| v1.bundlecdn.com/js/34884.26a099be4.js | 154.197.121.128 | 200 OK | 2.7 kB |
URL GET v1.bundlecdn.com/js/34884.26a099be4.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ Certificate Issuer: Google Trust Services Subject: v1.bundlecdn.com Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (2701), with no line terminators Hash: 10f80b0a58464342061a67e2be5cd80f fa01cbbdc169b42f82bb7ea5c34691a98b223947 d834e4dca0e5d56168d15b2b40dcb8f925b659c43bf800bde933f7e298efc8af
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/34884.26a099be4.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:11 GMT
etag: W/"682afde3-a8d"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613299
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa658fb92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-dice-frame@2.8e0d70675-256.png | 154.197.121.128 | 200 OK | 16 kB |
URL GET v1.bundlecdn.com/img/sprite-dice-frame@2.8e0d70675-256.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 256 x 256, 8-bit colormap, non-interlaced | Hash: 2018c59c5dccfaec96873d1ce9a60276 46ad94df758fdb9f0a257d99fcf52314cf5df926 b57379b1cd70db0d460ce31140e81eb78d3347ad6f7dd2cf9fe1c624d5e65439
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 15901
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=17269
etag: "68430b2d-4375"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7896792f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_relax_Leap/438742df-26cd-4eb0-8143-bdf31eccd092_0.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL GET v1.bundlecdn.com/casino-images/prov_relax_Leap/438742df-26cd-4eb0-8143-bdf31eccd092_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 149f8d2c983c585da9db8bd1b06d3579 195517f82f3cb6779e9e052203d084cfd853f491 16e13af1be1d42b198e0ac311aa5cccfd1cb9a0928177c86df90adaf5f5d2d3a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_relax_Leap/438742df-26cd-4eb0-8143-bdf31eccd092_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2b15-629"
last-modified: Wed, 02 Apr 2025 12:18:29 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0ec2292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_pragmatic_Pragmatic/1a64546d-e84a-475a-9777-68c03b8154ae_0.svg | 154.197.121.128 | 200 OK | 2.4 kB |
URL GET v1.bundlecdn.com/casino-images/prov_pragmatic_Pragmatic/1a64546d-e84a-475a-9777-68c03b8154ae_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 6151159bfb6870c84132eb6c01cac7f3 660b767dd7f2e4d1462f2541e4e0f00f3194ffe8 43224ceee3d870ff97d46ba24cf510ca6e1e4074940dd81552b317ebe6144dae
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_pragmatic_Pragmatic/1a64546d-e84a-475a-9777-68c03b8154ae_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed273e-945"
last-modified: Wed, 02 Apr 2025 12:02:06 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5665918
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1cc8c92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Red%20Tiger/c736df4e-abbe-4ff4-a189-1784187bc03c_0.svg | 154.197.121.128 | 200 OK | 15 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Red%20Tiger/c736df4e-abbe-4ff4-a189-1784187bc03c_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 98ee85a823a1a19daf7cc359a065d416 1c1af292b1d129e8deb65589b0f5b967f8012905 9560c0c21bfa3de2d99eb476430b8c18c8a7883e42b3687a4655225ce38f4788
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Red%20Tiger/c736df4e-abbe-4ff4-a189-1784187bc03c_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed21c8-3b58"
last-modified: Wed, 02 Apr 2025 11:38:48 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1912538
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1ec9992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/60385.818b4b62f.js | 154.197.121.128 | 200 OK | 9.3 kB |
URL GET v1.bundlecdn.com/js/60385.818b4b62f.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (9261), with no line terminators | Hash: e55da5d1be17c594a3fc6cadb0e3a8a5 fd5e59d4f50feffef256cf7c1ecf3793412d42be b3d1b5a7fb3657c5a7508f0a4c3fb5678832d52bed065e3ab3d8484e8496413c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/60385.818b4b62f.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-2430"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41736
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2afcd92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_mrslotty_CT%20Interactive/184d3507-295b-4257-bb59-0eaea68db5d2_0.svg | 154.197.121.128 | 200 OK | 2.1 kB |
URL GET v1.bundlecdn.com/casino-images/prov_mrslotty_CT%20Interactive/184d3507-295b-4257-bb59-0eaea68db5d2_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: c13d99981e165b5d433c563d8c993aa3 2c20f7e45c6b410ce2b8632ca90ac96a24d44516 d5ee50ca2c4b34184f6ef69e0e767805dd7ae21034636f90ff3dc72730e9cd35
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_mrslotty_CT%20Interactive/184d3507-295b-4257-bb59-0eaea68db5d2_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2475-84f"
last-modified: Wed, 02 Apr 2025 11:50:13 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 1525284
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf9bba92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_1x2_Prospect%20gaming/8d555994-8dcf-4cd6-9a17-5dc9571ef5fd_0.svg | 154.197.121.128 | 200 OK | 34 kB |
URL GET v1.bundlecdn.com/casino-images/prov_1x2_Prospect%20gaming/8d555994-8dcf-4cd6-9a17-5dc9571ef5fd_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: ef5cdd22b2842d5446f92257dd642dfd a449e37519ff6cbb3f4c2322d5a77d96bfbdb690 000bbecb492dcf46c103461548f1faa7937cc5ff6888dcdc8776ecaa04a72796
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_1x2_Prospect%20gaming/8d555994-8dcf-4cd6-9a17-5dc9571ef5fd_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2346-86da"
last-modified: Wed, 02 Apr 2025 11:45:10 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666566
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1dc9292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/gold_nugget_rush_hold_and_win.jpg@avif | 154.197.121.128 | 200 OK | 8.5 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/gold_nugget_rush_hold_and_win.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 0e15573bf427ba7edd876f4b6e450b9b 814f8ef7b69086b6b9173edd395f67e1d8aab92c 92b1b3cfe1cc4a87eef5c2353a6e22c7a874a14ddaf19b03aa98f7ec958b397a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/gold_nugget_rush_hold_and_win.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 8492
cache-control: public, max-age=31536000
content-disposition: inline; filename="gold_nugget_rush_hold_and_win.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY4MDllNDI4LTIwZWVlIg"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: pDE3ZVQZps9J51dB3zm9g
cf-cache-status: HIT
age: 366789
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7ee8d92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/icons-pack-home.d43afffd9.js | 154.197.121.128 | 200 OK | 21 kB |
URL GET v1.bundlecdn.com/js/icons-pack-home.d43afffd9.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (21034), with no line terminators | Hash: 29d1c475489bf26c33c9d4f29eb5ba4f 3e8abc552b7008227a9912767049536a86f910b5 a0edc423fc09fd0c6087926d0967867e9dca23d557faadae0685809aa483dfc4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-home.d43afffd9.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-522a"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613298
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa5e8cf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/home-poker-banner-bg.daea5f5cb-600.png | 154.197.121.128 | 200 OK | 20 kB |
URL GET v1.bundlecdn.com/img/home-poker-banner-bg.daea5f5cb-600.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 600 x 295, 8-bit colormap, non-interlaced | Hash: b924bd42443557a1ef9d41f043ddf175 a9db601e2941557cba7e3e688390aa43e8411e2e 8103c7873a41f0c2d28c5738b5bfb26bf324123930e0f49f7cf83964211b1def
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/home-poker-banner-bg.daea5f5cb-600.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 19467
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21524
etag: "68430b2e-5414"
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa5e8d092f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png | 154.197.121.128 | 200 OK | 46 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 399 x 472, 8-bit colormap, non-interlaced | Hash: d85dc9c313de5faf79707dc368542b76 c0fdc8b21e873c5abcc712a52bcb52eee788ac82 b210e48700f01e717f0dbee24441732c6c7fd849654b064ae55f426b7bb46308
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/banner_desktop_main_2x/plain/https://v1.bundlecdn.com/img/cashback.f5a548e68-399.png@png HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 45818
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=52341
content-disposition: inline; filename="cashback.f5a548e68-399.png"
content-security-policy: script-src 'none'
etag: "oN-atjIedSHeipdyd-P-MI0_FeNXF8BfsVvHdE-1i2s/RIjY4MjI0YmI0LWNjOTki"
expires: Sun, 07 Jun 2026 02:01:21 GMT
x-request-id: X-bEDkvMWg7Ek9be11VCt
cf-cache-status: HIT
age: 1908537
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa8399a92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_habanero_Habanero/10bb8fda-8261-403f-b548-2f113de18c1b_0.svg | 154.197.121.128 | 200 OK | 5.5 kB |
URL GET v1.bundlecdn.com/casino-images/prov_habanero_Habanero/10bb8fda-8261-403f-b548-2f113de18c1b_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: ff6351c33fd8af0106411edf0d1061a3 97c74376d087662c03be23c3f3236ee1fea048e9 6377b8692814eecac15d84b5c119649a68461a8bcb22fff1643bb4c943e3ad00
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_habanero_Habanero/10bb8fda-8261-403f-b548-2f113de18c1b_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed26fb-1553"
last-modified: Wed, 02 Apr 2025 12:00:59 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb0ac0f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_No%20Limit%20City/2b9cdade-167b-457f-b58c-24c4cdbb64f0_0.svg | 154.197.121.128 | 200 OK | 1.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_No%20Limit%20City/2b9cdade-167b-457f-b58c-24c4cdbb64f0_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 42856d1cf7dfd9c4e3f1305ff067ffa0 b899874b4674de68f503a3e6ab6f4965011c1e96 b33b12bd8dd1825e1980fcae593968e566b3a0d3500ff0931c6a4cf7f8355c77
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_No%20Limit%20City/2b9cdade-167b-457f-b58c-24c4cdbb64f0_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2f79-6b7"
last-modified: Wed, 02 Apr 2025 12:37:13 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5662744
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb17c5992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_spinomenal_Spinomenal/6d0de1f0-7d22-4282-99a2-ebf92b8a9a4b_0.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET v1.bundlecdn.com/casino-images/prov_spinomenal_Spinomenal/6d0de1f0-7d22-4282-99a2-ebf92b8a9a4b_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: e65ab9bcad4bf7177673c7f0d8d3085a 62bf8d20303ad32179a63131153c7431ed84bac5 554f807d44d09e356f0318193a5dfe2d749df2eb42dea4a74786ecd8e34e98e8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_spinomenal_Spinomenal/6d0de1f0-7d22-4282-99a2-ebf92b8a9a4b_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed23c1-87f"
last-modified: Wed, 02 Apr 2025 11:47:13 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666048
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb20cb292f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_v_Tomhornnative/8dc669ee-6231-4e90-bce5-81e59101d567.png | 154.197.121.128 | 200 OK | 8.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_v_Tomhornnative/8dc669ee-6231-4e90-bce5-81e59101d567.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: PNG image data, 85 x 85, 8-bit/color RGBA, non-interlaced | Hash: deed4339ef2b9e40515a33123967ca45 d4e5fd7e216e168ec5e55c18030a5f24a3a5ff5b bf3ae6ce43e65e42614d621ecb78cbdb22b1cac9133c572efb719da654ce3af7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_v_Tomhornnative/8dc669ee-6231-4e90-bce5-81e59101d567.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 8916
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9516
etag: "68274201-252c"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Fri, 16 May 2025 13:47:45 GMT
x-cache-status: HIT
cf-cache-status: HIT
age: 1856335
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb27cdf92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 3.1 kB |
URL GET v1.bundlecdn.com/img/aviator-game-logo.2fb50dc03.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: SVG Scalable Vector Graphics image | Hash: 23e4590adbc18e1473bee69850c0cbdb e4269ac681466cc608b2ba012748e3927a942c25 cb6364edc4b1553377c0095fcca9ad118ba03f1e3d953c30239b8fbd14d75000
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/svg+xml
last-modified: Fri, 06 Jun 2025 15:37:18 GMT
etag: W/"68430b2e-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6633
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa568a992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/icons-pack-payment-full.a0f923047.js | 154.197.121.128 | 200 OK | 142 kB |
URL GET v1.bundlecdn.com/js/icons-pack-payment-full.a0f923047.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 142 kB (141825 bytes) | Hash: 51fddde7b3761d7343d0b9228dc0f160 c6d2ffaf722057123158d69f18066383b1bcd25b 03209c776d96624d61f8028d8b0b57895f230ff5996cfccf39f733494dd6032a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-payment-full.a0f923047.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-22a01"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1613318
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa6991192f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/ultimate_roulette.jpg@avif | 154.197.121.128 | 200 OK | 8.3 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/ultimate_roulette.jpg@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested by: https://1w-jp-ftend-pp.top/ | Certificate Issuer: Google Trust Services | Subject: v1.bundlecdn.com | Fingerprint: 30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 | Validity: Fri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash: 755e4679326f8e4ec8ec7340e1b90e44 b59cad4e3ef808e1e1b06cec00e654876af847da 5b9e30eb967e8fb89f10be25127d7e809b8317a2d3f634e1527e50643b564af2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/fundist/ultimate_roulette.jpg@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 8288
cache-control: public, max-age=31536000
content-disposition: inline; filename="ultimate_roulette.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTQ1OGIwLTI0ZGUyIg"
x-request-id: VAFiU9FqMFb1CeYznQ6dj
cf-cache-status: HIT
age: 1592107
expires: Sun, 07 Jun 2026 02:01:24 GMT
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb8aed592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_1x2_1x2gaming/1b185fb5-fab5-4178-bad1-87d50fb1f55c_0.svg | 154.197.121.128 | 200 OK | 9.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_1x2_1x2gaming/1b185fb5-fab5-4178-bad1-87d50fb1f55c_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash8d8655899c00d119983feeda231f2601 0f2236aeb8ca12429fa54624d5157f0f25491d7b 0c18c46e6827fa48d0f47e46d531256efc5f2adfd1dc2e7421650748671eeb87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_1x2_1x2gaming/1b185fb5-fab5-4178-bad1-87d50fb1f55c_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2316-25f2"
last-modified: Wed, 02 Apr 2025 11:44:22 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5666702
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fad0adf92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_spinomenal_RetroGames/7d54ad73-0d98-43cd-b2af-eecb7f900207_0.svg | 154.197.121.128 | 200 OK | 4.9 kB |
URL GET v1.bundlecdn.com/casino-images/prov_spinomenal_RetroGames/7d54ad73-0d98-43cd-b2af-eecb7f900207_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash4558e0045bc5103c5a71860033b136a6 a2787bab4e7190e915316e5850b1ba7c21f94bd7 6e9a17feb5e5f959fc653503c3f943cb32ecf2b761108e0956e35b1f0a087c04
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_spinomenal_RetroGames/7d54ad73-0d98-43cd-b2af-eecb7f900207_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed23b6-1315"
last-modified: Wed, 02 Apr 2025 11:47:02 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb1fc9f92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_bfgames_BF%20Games/c1b6a686-e222-493d-b9d1-04d64b10ed86_0.svg | 154.197.121.128 | 200 OK | 2.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_bfgames_BF%20Games/c1b6a686-e222-493d-b9d1-04d64b10ed86_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashbb71c3b8db65cedcc242f52810dda833 10584dfb6e4f8f9f8440587eac145aaef10a72e9 86d99f227efed315edc1826e8f8aab9773a6044a0dc72698adb64210c1ca1e3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_bfgames_BF%20Games/c1b6a686-e222-493d-b9d1-04d64b10ed86_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed2a73-afe"
last-modified: Wed, 02 Apr 2025 12:15:47 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5665077
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf4b9892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_YGRGames/e24e51e3-701d-4b74-adb4-0bf8f170dd9c_0.webp | 154.197.121.128 | 200 OK | 22 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_YGRGames/e24e51e3-701d-4b74-adb4-0bf8f170dd9c_0.webp IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeRIFF (little-endian) data, Web/P image Hash01d9d688a06a5c18a6c6f9e52e296228 2d5484764e62fe5ef8a6927eacf6f647e2d83a72 639e07d333bb0dd8556af0f49c76d7999671a7f72976d65ed3995a5f63e0accd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_YGRGames/e24e51e3-701d-4b74-adb4-0bf8f170dd9c_0.webp HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/webp
content-length: 21748
etag: "67ed2bde-54f4"
last-modified: Wed, 02 Apr 2025 12:21:50 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5659496
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb29cef92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210034/d04ba29a-1bde-48cc-b651-a99088169379_horizontal.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210034/d04ba29a-1bde-48cc-b651-a99088169379_horizontal.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210034/d04ba29a-1bde-48cc-b651-a99088169379_horizontal.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"67a4d717-d8c"
last-modified: Thu, 06 Feb 2025 15:36:55 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 4849264
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb59dd392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/41025403-904f-4680-953d-db150df7a251_horizontal.png@avif | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET imgproxy.v1.bundlecdn.com/unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/41025403-904f-4680-953d-db150df7a251_horizontal.png@avif IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
Hash10d71984f03cfb7bd304ac6647c24deb 9a49bd85d992b6d43760a1a322d89adeea68dcfd 8ee1327e1e86efdc0bef343f892675733be5cd6d3b017ccf4d1ecdc65045dee7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://v1.bundlecdn.com/casino-images/1play/41025403-904f-4680-953d-db150df7a251_horizontal.png@avif HTTP/1.1
Host: imgproxy.v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/avif
content-length: 4005
cache-control: public, max-age=31536000
content-disposition: inline; filename="41025403-904f-4680-953d-db150df7a251_horizontal.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY3NDc1MzdmLTM3ODU2Ig"
expires: Sun, 07 Jun 2026 02:01:24 GMT
x-request-id: vB0Afes1e9ad5Qe91zY6C
cf-cache-status: HIT
age: 1855538
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb7de8492f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=2&tfd=11255 | 216.239.34.36 | 204 No Content | 0 B |
URL POST region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=2&tfd=11255 IP 216.239.34.36:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je5641h1v894728184z8894400803za200zb894400803&_p=1749261681012&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104684204~104684207~104698127~104698129&cid=961746610.1749261686&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AAAAAAQ&sid=1749261686&sct=1&seg=0&dl=https%3A%2F%2F1w-jp-ftend-pp.top%2F&dt=1win%20-%20%D1%81%D1%82%D0%B0%D0%B2%D0%BA%D0%B8%20%D0%BD%D0%B0%20%D1%81%D0%BF%D0%BE%D1%80%D1%82%20-%201327338.2479150598&_s=2&tfd=11255 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1w-jp-ftend-pp.top/
Content-Type: text/plain;charset=UTF-8
Content-Length: 67
Origin: https://1w-jp-ftend-pp.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
access-control-allow-origin: https://1w-jp-ftend-pp.top
date: Sat, 07 Jun 2025 02:01:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v1.bundlecdn.com/casino-images/prov_softswiss_AvatarUX/edd893fa-73de-4213-a587-2d5eb50a9d31_0.svg | 154.197.121.128 | 200 OK | 434 B |
URL GET v1.bundlecdn.com/casino-images/prov_softswiss_AvatarUX/edd893fa-73de-4213-a587-2d5eb50a9d31_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashb5b6c31a9f7a08854abee001846b6660 cdaf045f01b02dcd899e7b05ab781052e6daa8f5 8a4606679283cb33c52cf4eadf9ad1889d011232a332aba540d4b20dd09ae34b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_softswiss_AvatarUX/edd893fa-73de-4213-a587-2d5eb50a9d31_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:22 GMT
content-type: image/svg+xml
etag: W/"67ed2f1b-1b2"
last-modified: Wed, 02 Apr 2025 12:35:39 GMT
expires: Tue, 05 Jun 2035 02:01:22 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 2991410
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faebb6a92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_orchestra_Evoplay/f0f4b10c-19a0-4526-98e7-9d5c094710e7_0.svg | 154.197.121.128 | 200 OK | 837 B |
URL GET v1.bundlecdn.com/casino-images/prov_orchestra_Evoplay/f0f4b10c-19a0-4526-98e7-9d5c094710e7_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash67ddfda66895354453baa066508afe08 12c840cdd8125c6b17bcb3dc248969fe0e184e9b 1ffd947d9b98ba97634fede7c3f93c35beda01d4a4871fa0d57cd77cd1f8a590
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_orchestra_Evoplay/f0f4b10c-19a0-4526-98e7-9d5c094710e7_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed3062-345"
last-modified: Wed, 02 Apr 2025 12:41:06 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: HIT
cf-cache-status: HIT
age: 5663181
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fafbbc392f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/js/20695.a931dbdd7.js | 154.197.121.128 | 200 OK | 639 B |
URL GET v1.bundlecdn.com/js/20695.a931dbdd7.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, ASCII text, with very long lines (639), with no line terminators Hash9f76878167284279c7f98428fa51ddbf 1b6849b93c1be2ee77304077cbd07d094804696f deb2dda6ce87447d39bbb57c1676f2cb7025d6f851f45a31f38634139aa0ffef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/20695.a931dbdd7.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 19 May 2025 09:46:12 GMT
etag: W/"682afde4-27f"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1611507
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa578ad92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET v1.bundlecdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typePNG image data, 256 x 256, 8-bit colormap, non-interlaced Hashbd11730c197227300ae5e1b00b8cc637 c0e28cfb09642e9402f12f9c6677242ef671de33 2868cadf19218572e4970158bb91602551898a040cac6fed88b1d98d77f1b649
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: image/png
content-length: 3888
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4458
etag: "68430b2d-116a"
last-modified: Fri, 06 Jun 2025 15:37:17 GMT
cf-cache-status: HIT
age: 4053
expires: Sat, 07 Jun 2025 06:01:21 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa7595592f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_BlueHorn/7aa7b9ee-d1f3-4206-992c-8355529ad042_0.svg | 154.197.121.128 | 200 OK | 1.8 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_BlueHorn/7aa7b9ee-d1f3-4206-992c-8355529ad042_0.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hashc6552002c9f85046079c3b23953fdbdc 95f360bc354b52e8393026e365d6ed36a023daae 38daf39ed3c5805b5b0adc00ebc63162fda40c898286c837998c7551eae72439
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_BlueHorn/7aa7b9ee-d1f3-4206-992c-8355529ad042_0.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/svg+xml
etag: W/"67ed20b7-717"
last-modified: Wed, 02 Apr 2025 11:34:15 GMT
expires: Tue, 05 Jun 2035 02:01:23 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 5659496
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf5b9e92f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/prov_fundist_Evolution/db48e355-17c9-4a51-9025-519818afb29c_0.png | 154.197.121.128 | 200 OK | 4.7 kB |
URL GET v1.bundlecdn.com/casino-images/prov_fundist_Evolution/db48e355-17c9-4a51-9025-519818afb29c_0.png IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typePNG image data, 505 x 700, 8-bit colormap, non-interlaced Hashfb33f536d748fee9d9db82e337a9c199 a38f2e361df5686c477e48f997e56241a7c45722 97a4f1e712b75969773bf3697c35b8e31fe576091e152d1cca86c3194c9fcfe8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/prov_fundist_Evolution/db48e355-17c9-4a51-9025-519818afb29c_0.png HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:23 GMT
content-type: image/png
content-length: 4682
cache-control: public, max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=10184
etag: "67ed22e2-27c8"
expires: Tue, 05 Jun 2035 02:01:23 GMT
last-modified: Wed, 02 Apr 2025 11:43:30 GMT
x-cache-status: HIT
cf-cache-status: HIT
age: 4672625
accept-ranges: bytes
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8faf9bbc92f4-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| v1.bundlecdn.com/casino-images/1/categories/210202/46810441-e8a3-4055-a3df-2de3c2ebc107.svg | 154.197.121.128 | 200 OK | 3.5 kB |
URL GET v1.bundlecdn.com/casino-images/1/categories/210202/46810441-e8a3-4055-a3df-2de3c2ebc107.svg IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeSVG Scalable Vector Graphics image Hash468df0cd9546410a3d003671a9f67a01 abc3dbd74f54ace9a886b92ccecbf715b8e9f04f c916072fd5a5ceaa3ea42af7f003e5b7ba05b3a9b85e03e9724ecf9acece5758
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /casino-images/1/categories/210202/46810441-e8a3-4055-a3df-2de3c2ebc107.svg HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:24 GMT
content-type: image/svg+xml
etag: W/"68276e34-d8c"
last-modified: Fri, 16 May 2025 16:56:20 GMT
expires: Tue, 05 Jun 2035 02:01:24 GMT
cache-control: public, max-age=315360000
x-cache-status: MISS
cf-cache-status: HIT
age: 1844990
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fb5add892f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 | 142.250.178.104 | 200 OK | 403 kB |
URL GET www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7 IP 142.250.178.104:443
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subject*.google-analytics.com Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07 ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File typeJavaScript source, ASCII text, with very long lines (30090) Size403 kB (403051 bytes) Hash5674e398926d918b7bd9ab91f2d2a4b8 94d5a438463d95bf7028342493a36852d113d959 8e88ccc1f5bd044a9fb459c8409156c85a6339a3c21d6575de6018f6e10f9d96
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 07 Jun 2025 02:01:21 GMT
expires: Sat, 07 Jun 2025 02:01:21 GMT
cache-control: private, max-age=900
last-modified: Sat, 07 Jun 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 130223
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v1.bundlecdn.com/js/37752.3a1c9627b.js | 154.197.121.128 | 200 OK | 17 kB |
URL GET v1.bundlecdn.com/js/37752.3a1c9627b.js IP 154.197.121.128:443
ASN#209242 Cloudflare London, LLC
Requested byhttps://1w-jp-ftend-pp.top/ CertificateIssuerGoogle Trust Services Subjectv1.bundlecdn.com Fingerprint30:DA:5A:E0:07:9E:1D:22:BF:8C:2D:61:4B:9D:D9:30:E6:20:CF:87 ValidityFri, 16 May 2025 14:12:09 GMT - Thu, 14 Aug 2025 15:12:07 GMT
File typeJavaScript source, ASCII text, with very long lines (16876), with no line terminators Hash6a46cf8d51f97d8cf38e4bfc240a7e8e 307a3779c6f7d32d58f15db38180b4c0a5c48cf7 664e1b59ac2e861210825d8ec3d6e7d635ef18af04a0c7e94ba0bc2c6cf62f95
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/37752.3a1c9627b.js HTTP/1.1
Host: v1.bundlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1w-jp-ftend-pp.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 07 Jun 2025 02:01:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Jun 2025 14:00:10 GMT
etag: W/"6842f46a-41ec"
expires: Tue, 05 Jun 2035 02:01:21 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 41734
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94bc8fa2dfd992f4-CPH
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|