| lsdk.pw/favicon.ico | 45.130.41.95 | | 267 B |
IP: 45.130.41.95:0
File type: HTML document, ASCII text Hash: 23973339c90720447eb4712af9b822a0 7489b9b3c8f24f5b59ef0a96b8c1649007860224 4e1f8129d5806b91f8e7f5ad26092f59e5391c3c6f6336db1f757c129c0ecb2f
GET /favicon.ico HTTP/1.1
Host: lsdk.pw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lsdk.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx-reuseport/1.21.1
date: Fri, 10 May 2024 05:54:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 267
X-Firefox-Spdy: h2
|
|
| leadshub.traccklink.com/click?pid=9191&offer_id=2237&sub1=b | 172.67.155.87 | 302 Found | 0 B |
URL: User Request GET HTTP/2 leadshub.traccklink.com/click?pid=9191&offer_id=2237&sub1=b IP: 172.67.155.87:443
Certificate Issuer: Let's Encrypt Subject: traccklink.com Fingerprint: E0:54:64:62:A9:C3:56:A7:AF:18:AA:89:56:8F:E1:23:3D:E0:84:08 Validity: Tue, 23 Apr 2024 16:12:04 GMT - Mon, 22 Jul 2024 16:12:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=9191&offer_id=2237&sub1=b HTTP/1.1
Host: leadshub.traccklink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 05:54:05 GMT
content-length: 0
location: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
x-adjust-use-original-forwarded-for: 1
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CsYwIM9Z%2BsYtlUslk5thzG5I0xKSTGpmFUsAptp99szQSwqFEVcTYAfPkBPFIX09diY1g2yhIv6xleSbGCuBYhqGBnqbw6lHZldsCqqMmU%2BDTh6MSSqxgyF5gXvaUAAUs8pwbFbxt6o8mw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8817ac2f8b9c712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/core-js/3.33.3/minified.js | 190.115.24.78 | 200 OK | 74 kB |
URL: GET HTTP/2 1wynyj.win/core-js/3.33.3/minified.js IP: 190.115.24.78:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (31999) Hash: 38facf849f100d0fe6269a53a7bca451 9bb69f981438d48b093bd1eb673885476b4932f0 ce68e1614ab493deaecfa6eb9711736de0348248e1d559b5f6dfb5dc4c29b459
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /core-js/3.33.3/minified.js HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 17:49:45 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3b989"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 43461
content-length: 74483
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/img/logo/main/1win-normal.svg | 190.115.24.78 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1wynyj.win/img/logo/main/1win-normal.svg IP: 190.115.24.78:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: SVG Scalable Vector Graphics image Hash: 0a5e2aff3499f587617337c0add83e72 c713ec3dbfd744114ba3b9cbf7b9ce3d40fbd8a4 a5cb3d03f299b837679eaa793491a03acc5fc1afdbc7f207b7566646f3bd2ecb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/logo/main/1win-normal.svg HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 09:40:13 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1221"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
content-encoding: gzip
age: 72833
content-length: 1629
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 | 154.197.121.128 | | 33 kB |
URL: 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2 IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: Web Open Font Format (Version 2), TrueType, length 33064, version 1.0 Hash: de175cbf569bb3ccf1f761c845cbd896 8d93663b858bae157ba5fc40e1400177104d71bd df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wynyj.win/
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Fri, 03 May 2024 15:33:37 GMT
etag: "663503d1-8128"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 551288
accept-ranges: bytes
set-cookie: __cf_bm=q9EaWtE7cxOy6D8r_8ouzOdM6_iF3QVb8kkuqNTy.lE-1715320446-1.0.1.1-9u_MQbuBnhKeMYk1JX4I9woWSjlncjdgzB5fiE_YCU5ht8g501aI2JhIkq0yruy7NnoNzMD9Er5ZmL0l8K4OBw; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34d8f856b5-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 | 154.197.121.128 | | 44 kB |
URL: 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2 IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: Web Open Font Format (Version 2), TrueType, length 43512, version 1.0 Hash: 426f20bb65ea80d35f3f2a999d5d7d1e 85f211a450f26d7f0822d718fc61085a506fa455 06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wynyj.win/
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Fri, 19 Apr 2024 13:09:36 GMT
etag: "66226d10-a9f8"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
set-cookie: __cf_bm=.yBrsitrfmvLnV5HrzGBa8y7wi0VIIMJfK3ushvAisw-1715320446-1.0.1.1-RmGbIA97P8it_wgj6BCidzmTeLg9N06gkIdA7F.JpJQfNewcH1oDnJPtKAgBiL1NHByBoJTySqIRBsaC7HHD_Q; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34d90256b5-OSL
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/img/icons/favicon-16x16-darkmode.png | 190.115.24.78 | | 344 B |
URL: 1wynyj.win/img/icons/favicon-16x16-darkmode.png IP: 190.115.24.78:0
Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced Hash: 55101f46ace081073c98f0d75229ae94 384e813b0f35437de99eb269c7d5c76479e20886 e380e9db272a2b59fabadab58a1d0a0ba51fbba121eec2920d4ab7b239b85a5f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191; visit_domain=1wynyj.win; core-sticky=http://10.233.72.61:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Wed, 08 May 2024 21:54:42 GMT
content-type: image/png
content-length: 344
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: "663b6aff-158"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
accept-ranges: bytes
age: 115164
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/affiliate:link_visit?visit_domain=1wynyj.win&sub_ids=sub1%3D%26sub2%3D9191 | 190.115.24.78 | 200 OK | 553 B |
URL: GET HTTP/2 1wynyj.win/affiliate:link_visit?visit_domain=1wynyj.win&sub_ids=sub1%3D%26sub2%3D9191 IP: 190.115.24.78:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: gzip compressed data, from Unix Hash: 8921c21367a8d9c62753ec606cc83239 49bf7c58051f63122661382930389cecdf1bb215 1e79105bee5d3ec2e1ab425a502877551b2692827f98710067dced836bbf6c2e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /affiliate:link_visit?visit_domain=1wynyj.win&sub_ids=sub1%3D%26sub2%3D9191 HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wynyj.win/casino/list?open=register&&
DNT: 1
Connection: keep-alive
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191; visit_domain=1wynyj.win
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Origin
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: undefined
access-control-expose-headers: Authorization
access-control-max-age: 7200
etag: W/"25-Zj67mG54TfZ031q1ea2QwFUXWX4"
set-cookie: core-sticky=http://10.233.72.61:80; Path=/; HttpOnly
x-powered-by: Express
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/63502.d79807f7c.js | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/js/63502.d79807f7c.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: a96e8f77207eb314deed6396463ffefa 2aa9286dba017fbcf9ff859e59b5a051cdfd73c7 227d6d7911161549ffd703d7ee317ba6994b18b40241ecfd5873768851bb5e4c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/63502.d79807f7c.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-2103b"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 334579
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac36e8bfb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/firebase/8.1.1/firebase-app.js | 190.115.24.78 | 200 OK | 6.6 kB |
URL: GET HTTP/2 1wynyj.win/firebase/8.1.1/firebase-app.js IP: 190.115.24.78:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: JavaScript source, ASCII text, with very long lines (19927) Hash: 5b9dcee25dd464bbf914b48e05e770c7 3f4e99ad6ce1fb6eb6be51dbd50ffab375eb0533 01a87f9f8138f66274cfedb855c0bfbe1529600a65ed26b0c863533e1e94abce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /firebase/8.1.1/firebase-app.js HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/casino/list?open=register&&
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191; visit_domain=1wynyj.win; core-sticky=http://10.233.72.61:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1ZDVkZWEyMC00ZjY5LTQ0OTktOGU5MC1kM2E0Yjc2MjIzNTElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzIwNDQ2Nzg2JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTMyMDQ0NjgyMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 09 May 2024 15:12:06 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4ded"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: br
vary: Accept-Encoding
age: 52921
content-length: 6578
ddg-cache-status: HIT
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/32289.86db3b21b.js | 154.197.121.128 | | 15 kB |
URL: 1win-cdn.com/js/32289.86db3b21b.js IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix Hash: 8512922dbbcc2dfe9bb09d1619cecc80 b5e44e3bb23f1835ad68532efef0d2ed10124394 1275397380121228cbd1488ed170168b6f5fccd7762c4e8de1831fe33e593638
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/32289.86db3b21b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-29f3"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 231548
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b1e5fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/index.fd224ee8e.css | 154.197.121.128 | 200 OK | 12 kB |
URL: GET HTTP/2 1win-cdn.com/css/index.fd224ee8e.css IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix Hash: 7babc8c028f21570dafd128c47953418 19962f2481f46182144db45763449d5249c6b10f a86ad9fcedfbdd1c7b0e66eca4905c838fd2bbef63e5492b662b8bdbe136b9c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/index.fd224ee8e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: text/css
last-modified: Thu, 04 Apr 2024 11:31:45 GMT
etag: W/"660e8fa1-1823"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 825681
set-cookie: __cf_bm=ODQMbdx4Z4eqnGSAzLx7kT83Sxqv.xIGMFDP.CL4e54-1715320446-1.0.1.1-rOuV9EBY5vJ42ugy68BgTOoLft_enR4a_51Qv3LLPOpJHuTghffq4wa_seUi9K6NNCQasie9P0aGtMJrihS65A; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34ee6cb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/chunk-common.1cc012ae5.js | 154.197.121.128 | | 67 kB |
URL: 1win-cdn.com/js/chunk-common.1cc012ae5.js IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix Hash: f8264c720344a8bb991eb6b32f8c8c24 2e0f5ca5389d25d7fbb0c4009e1ce2dddc1b1f99 f8080adbb351b8f6fd08a291db10e216e70911b0cfebd5548bed65e26bd189f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/chunk-common.1cc012ae5.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ec4e"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 112937
set-cookie: __cf_bm=tOYPYL._nppIeTgquz9Xvfi.bNfrVYAWIDBXInNisF4-1715320446-1.0.1.1-UZnZu9i_NMl3U6siTUgfu0eJg4y.x_XuoJN_L5KoXdv0Io.wTkeriLiKpQqSESIfNZ2IgrImqrg.RFkjklZTqQ; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34ee5cb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | 190.115.24.78 | | 246 kB |
URL: 1wynyj.win/casino/list?open=register&sub1=&sub2=9191 IP: 190.115.24.78:0
Certificate Issuer: Let's Encrypt Subject: 1wynyj.win Fingerprint: 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity: Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type: gzip compressed data, from Unix Size: 246 kB (246231 bytes) Hash: c5d612e10bc00b4a9aa8cb06ec274186 0982734c494ec54895b505062033a62b7601bd44 f87fff3c4dd06e5ed26c6e4d4bbedfb6e524d22821a64a03424565d351572f3e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /casino/list?open=register&sub1=&sub2=9191 HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:54:05 GMT
content-type: text/html; charset=utf-8
x-request-id: TW8qwwYtjXlb5vbi
vary: Origin
access-control-allow-origin: *
x-match-domain: 1wynyj.win
set-cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; Domain=.1wynyj.win; HttpOnly; Path=/; Expires=Sat, 10-May-2025 05:54:05 GMT
sub_ids=sub1=&sub2=9191; path=/; expires=Mon, 10 Jun 2024 05:54:05 GMT
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/44101.cd5168bbb.js | 154.197.121.128 | | 19 kB |
URL: 1win-cdn.com/js/44101.cd5168bbb.js IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix Hash: 88254d41712da9897e55a6303e89b615 cc1ce1f5e2ef1a5ed87ced856cf3fafa4b525041 d23ffa64ff0ce3d3e7652cf39ffa3ae6b163ecf002c47aec6a6f069d17338ff6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/44101.cd5168bbb.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-8119"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 320842
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b1e61b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png | 154.197.121.128 | | 5.3 kB |
URL: 1win-cdn.com/img/free-money-link-image.1ada0c9e1-120.png IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: PNG image data, 120 x 97, 8-bit colormap, non-interlaced Hash: 911fa68d94dd3f2bc8ceff2671e87bdd 9bca43449cf32e95c62291a802cad6e6c4493025 9d652f09af7a4abeaa6cd6a77f32598dd33e3b7b8a55c032409cd2ecacd11db7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/free-money-link-image.1ada0c9e1-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/png
content-length: 5274
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6354
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-18d2"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3cf871b50f-OSL
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/23008.ba7ce1428.js | 154.197.121.128 | | 3.4 kB |
URL: 1win-cdn.com/js/23008.ba7ce1428.js IP: 154.197.121.128:0 ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix Hash: c3de01c8ed91f48384488366933374f1 03f0af64f7c9d8e537a72f87c78ed86f027736f4 60ef54fb1ae6a3ce2514e30136703d056ac913d798f55d0e08f17c1df18e09a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/23008.ba7ce1428.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 08:52:05 GMT
etag: W/"66389a35-1848"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 333174
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b2e69b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/8726.6a357273b.js | 154.197.121.128 | 200 OK | 34 kB |
URL: GET HTTP/2 1win-cdn.com/js/8726.6a357273b.js IP: 154.197.121.128:443 ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer: Google Trust Services LLC Subject: 1win-cdn.com Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix Hash: 7c3520b11e2084ad170f1c37aa9a214f dee19b600ea077967d7775b4d58626c3585c5750 a21ab02d33aafabb166dc922629b63327f7f410e0e5a2664aae7b88fdced1c79
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/8726.6a357273b.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-298"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 818091
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3cf86db50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/66512.d3b9afb82.js | 154.197.121.128 | | 8.3 kB |
URL: 1win-cdn.com/js/66512.d3b9afb82.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: e857a5d0f615ae63c9d5a47d3084ab26 6d131b165bb81d5eea2b4eb1d70f28fba43a7ee5 08d0620380a292c5c9181614ae037c27a29e9b44890e4221c2fef00fe29e5cd6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/66512.d3b9afb82.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-2f7"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816758
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3ce86ab50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | 143.204.42.156 | 200 OK | 3.9 kB |
URL: GET HTTP/2 d16q5vvir3f28d.cloudfront.net/raffle-20240411/headerLink.png | IP: 143.204.42.156:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | Certificate Issuer: Amazon | Subject: *.cloudfront.net | Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 | Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: PNG image data, 124 x 48, 8-bit colormap, non-interlaced | Hash: 3219393f1efd01cf2db20820dff57cf2 ebdbcf916084a0d5a70680021d269680e9f41d41 8bb1195fc7bb92abd77f1a9bb21ce32e20e509d25d3aef4c412b50c8fae6ec06
GET /raffle-20240411/headerLink.png HTTP/1.1
Host: d16q5vvir3f28d.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 3884
last-modified: Thu, 11 Apr 2024 12:20:45 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 09 May 2024 06:44:07 GMT
etag: "3219393f1efd01cf2db20820dff57cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sWQNv-R5BWjBfh5h-ATOr8IrdvtQcsasbaYkjMpHjgLjxeGbm1dYtQ==
age: 83401
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif | 188.114.97.1 | | 16 kB |
URL: imgproxy.1win-cdn.com/unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif | IP: 188.114.97.1:0
Hash: 49373c5e183f23c97578f20822c9f29d 65426c38d19327505ec0a8a65d1587b3aa33a616 1902110c0d46c029edfd22f99a97ac7d267ea86ce53121b8c41fe895faf31176
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/banner_desktop_casino_1x/plain/https://1win-cdn.com/casino-images/game_of_week/b019bc91-5277-41df-811a-32da4215ae5d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/avif
content-length: 16274
cache-control: public, max-age=31536000
content-disposition: inline; filename="b019bc91-5277-41df-811a-32da4215ae5d.avif"
content-security-policy: script-src 'none'
etag: "aAW6VDAor011uV9XSvPmkLd6FEDbuXicemelEDsn6Hk/RIjY2MzlkZTFiLWFlM2JmIg"
x-request-id: qHKP5yEE_G0C9p-m2JHU2
cf-cache-status: HIT
age: 251909
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6s7qciMhggpGHhFgBDJqB0mc%2FA5o5fC%2B3ZvaljYfjVgHMMITGHE4MS9OH0zLj2gUAhqb7UnzOYxWBUKstvLnlao%2FZGaCcTmOIcf91D4JxaJQ03cHrkWRC7W1rV5SRC4n2NX%2FeRJXMKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3f8f2e56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/14681.3d5bceb66.js | 154.197.121.128 | | 868 B |
URL: 1win-cdn.com/js/14681.3d5bceb66.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: f2dc10961358f8fc01130cbc5b7c9318 db6f05887ecb744610dc71197447b7e18c87c811 cf554fcb3043cb7e363b285b26231767c4cde7ed6eb6b1553ee534759e80b851
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/14681.3d5bceb66.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-24d"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816511
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3eaa21b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/55799.274042d04.js | 154.197.121.128 | 200 OK | 40 kB |
URL: GET HTTP/2 1win-cdn.com/js/55799.274042d04.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 4522c552635c48bebcc01ab85135f184 4d6bf9851541efae2fb75b993bc47f9c32789c1c 5fb247dd48b44e37e5874e5aebabeb71bc88d62a18be1898c2280b348df93de3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/55799.274042d04.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 10 Apr 2024 09:12:11 GMT
etag: W/"661657eb-3c3"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816511
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3eaa28b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | 154.197.121.128 | | 25 kB |
URL: 1win-cdn.com/img/500_i18_img.77110d4f9-1320.webp | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: RIFF (little-endian) data, Web/P image | Hash: 1f85b44a5305e8928fcae8922301d92a 7ecc0724a7560af7c4debc83014bab875eba685b 660ffadc474a5738fb2d93662e90e32d80dad0baa670e737854347ef8e4b904d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/500_i18_img.77110d4f9-1320.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/webp
content-length: 25292
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: "663bfc40-62cc"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6526
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3fbbb7b50f-OSL
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | 142.250.74.35 | | 204 kB |
URL: www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js | IP: 142.250.74.35:0
File type: JavaScript source, ASCII text, with very long lines (632) | Size: 204 kB (204445 bytes) | Hash: add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4
GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 308493
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cashback.12a565952.svg | 154.197.121.128 | | 1.4 kB |
URL: 1win-cdn.com/img/cashback.12a565952.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: a8062f6de67507910391b623d05654e9 72a2c1705b78f9eb873147dc2f350244dec4bb9b f453509c71fe63f50c9c34ceb7a80d8a9af1520ecba0590e96e87036b1539f84
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/cashback.12a565952.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-851"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3eea6fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | 142.250.74.168 | | 90 kB |
URL: www.googletagmanager.com/gtag/js?id=AW-16482547739&l=dataLayer&cx=c | IP: 142.250.74.168:0
File type: JavaScript source, ASCII text, with very long lines (4179) | Hash: e87f891fef299c1dc131b904e9c8271a 4792c0e3d454d953921d5f8aa40d42faa5845ccf 5c7476821fccec6ab0fcabcb4505c5990d33ddb6cb1485ddf09d73da21d65d0e
GET /gtag/js?id=AW-16482547739&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 05:54:08 GMT
expires: Fri, 10 May 2024 05:54:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90351
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/js/chunk-vendors.84f8d8042.js | 154.197.121.128 | | 191 kB |
URL: 1win-cdn.com/js/chunk-vendors.84f8d8042.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Size: 191 kB (190582 bytes) | Hash: 51b2792a77ca30d1ec528a4d5fa1bc40 d23c725b3dd3b94f0b4d995ffe56146b92130bb6 448f810940c952529a3e5fe54aca69193a449bb9eeaffed043669403099940dc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/chunk-vendors.84f8d8042.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 11:30:31 GMT
etag: W/"662a3ed7-3bb32"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 812499
set-cookie: __cf_bm=yDlS6Q7YSlnkPM1xYaYRHwy.y0anmc3wIUdY3iVju8o-1715320446-1.0.1.1-v8XYDbYSO.GqF9kKIyb7avW6tm1IsUkwKwGFcrS4Wd0IBa0U5PJYr_rFXvcTUTg6AKO_IA534v6q1OILIXpSOA; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34de51b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/62873.c94378d02.js | 154.197.121.128 | | 93 kB |
URL: 1win-cdn.com/js/62873.c94378d02.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: eaa047c458115c1afe0c5050f3e6ab84 0f4ce1d4a8cc738ad8a63b307ca4ae64a616d053 58df80ce89a57ee7c4ecafa9060efef2f78021f5f2c161d644ad8c2d8ff11c6a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/62873.c94378d02.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:53:44 GMT
etag: W/"6627a148-556"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811533
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3aee07b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | 154.197.121.128 | | 76 kB |
URL: 1win-cdn.com/img/carRaffleDesktopHeaderTicket.1a4740acc.svg | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: b94c2ce75422723167c9c3e8dbdcdd1a f79ebbe256b1cc2393f5ed262d6d39b05fe35348 2348e4c78551a5ed80644e5d54b180078097062a0e5fe8965c50c0ed79271f72
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /img/carRaffleDesktopHeaderTicket.1a4740acc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3ff"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3f0ab1b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/32005.5701eb106.js | 154.197.121.128 | | 59 kB |
URL: 1win-cdn.com/js/32005.5701eb106.js | IP: 154.197.121.128:0 | ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix | Hash: 55557309888b6839f22d5920b0854417 e3bfefbaee1974d278ba02f5995f16edbd00d2e1 ef44969fafd2a79be06756670f3ad86e272c3d3d560869a8a0b49cc8dbb53b0d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/32005.5701eb106.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 13:17:22 GMT
etag: W/"663a29e2-2428"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 232275
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b1e59b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png | 188.114.97.1 | 200 OK | 48 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png | IP: 188.114.97.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced | Hash: 2535d1765fe1588d6e7a5652bf5bcdf6 bd9a712af48f1d321dd7cf311aa6f7c91212b356 c23fb5d19d444502e1334eec9c185b28cd24d46b9605631d953cdb1539ff4109
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 48076
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: k6peDpSkNPwb1WaJNqmb_
cf-cache-status: HIT
age: 212140
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0w48OG%2BTHc8r5ZthN66RzRPQa4H5CjNEZ5KlbTni%2FSifvZnSb6uVjnXerv46KDpyyImxPv2KHmoew7l4IvSo4G%2BKS%2Fx7qQu2hNXyLOy9mB50G9dcqeAbhzLd6yoBlpiDKg8NbMxSTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158ce56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/72949.472bec630.js | 154.197.121.128 | 200 OK | 63 kB |
URL: GET HTTP/2 1win-cdn.com/js/72949.472bec630.js | IP: 154.197.121.128:443 | ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix | Hash: 5255ae5819d4535c2894aa7e338c4201 e57ab191b9c286d24dafb0de3557ebb62ed8dc49 07dd74603914c2faa89537827a4571cd879064a740dc19abc9bd7ba602160180
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/72949.472bec630.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-36e"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816511
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3eba38b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@png | 188.114.97.1 | | 57 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@png | IP: 188.114.97.1:0
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced | Hash: 09b8c76b505060ba7238dc13aa3ef3f1 8129661f89c808a0ee78f45d2dc5a356058c0edc c7e6f0ef091f5998c29a66137850d3a46ec803d8c3242955dc3cd46ed562bf84
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 56985
cache-control: public, max-age=31536000
content-disposition: inline; filename="a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MmI1YzY1LWJmMTgi"
x-request-id: Mh3ve4vUsoiJ1XVQT9M6u
cf-cache-status: HIT
age: 218633
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9H2odtuAY9AXqIBSSIogbKaTcwrHvMBQCw15K8oU9kI0j6XeS6FH96U3qa5F6jNi2QC4bmR6mLY39x7rb8%2FdbCgMuG8ByJ23GYGPQOEojMvUVLdEiWW9LhF4vpJmGSjxOOfecV%2BFPsU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158d856cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png | 188.114.97.1 | 200 OK | 39 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png | IP: 188.114.97.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 | Certificate Issuer: Google Trust Services LLC | Subject: 1win-cdn.com | Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A | Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced | Hash: 8873bf3d185b968dc5d324a1c3468b27 4254020263ca25e054a50451b28d6f9f96d37411 69bd8a4f71df1e70cfda8fa1e6f9940bf1910030d173b72ddb20dceaa60ba55b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 39377
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0ZTM1M2QzLTJjM2QyIg"
x-request-id: AYbD8udXsRB4-EMAufTDO
cf-cache-status: HIT
age: 58525
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UVhb0wf4k7qB2eYZmwsDV0XoQ3JFb9UxrBZBSJuajk1zk7IXPtfU6V4nzySf3b6AT1GC%2B1ukDim%2BW6CZHpPdPhdgmCZgvs9Cut10DjHdmhgi%2F2nzKfvcgQRv3URWzBW4Kp03XXbGhIk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158db56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png | 188.114.97.1 | | 20 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png | IP: 188.114.97.1:0
File type: PNG image data, 200 x 150, 8-bit colormap, non-interlaced | Hash: 8dff94b9485c5e3b3c707c834f236ed9 15cc8a2762089c7c1f16075afdac641670186075 e601fbb5dcf460739287aa117d6918c9afad2d0cc02bafc76a71f8a99193ddbf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 20326
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_f62e3a405aef5f1d40fc145c65eaf21c.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjYxM2EyNThlLTEzMTYi"
x-request-id: esBIUVeigrbbLsxFZSEsU
cf-cache-status: HIT
age: 134749
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJGBLJArkq%2FI%2B8aE3RHiZtfhDM4t8q4RuSi2f7%2B0DIXZ%2F2PlTPBnrolTgfSqxW8I7JKU6Hqw4He3Dc%2FIAtiOTe4afBuFWdq2G7jUhKPdj5VaoD%2FhMqM7IOGMehKQNKta4qw6rIqjISU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41a90d56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png | 188.114.97.1 | | 64 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png
IP: 188.114.97.1:0
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 4c88b145fd07075c8c9ce0e41559d784 a8c63027c85b67240ef7128b67d1aec986b43b84 fee0cb62aa6674686a8e610f6934fa57bbfc8e002d9be0e06caa78e1a2657a58
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 63546
cache-control: public, max-age=31536000
content-disposition: inline; filename="e616b239-a47e-43b9-a050-50c3662fbce4.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1YjhlMTg3LTZkMmQyIg"
x-request-id: WVQ4gEjrQ32F1rkAnsgON
cf-cache-status: HIT
age: 138493
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R54JhIAffkuqCDM2HaIE4whCiq6SbisjtqHP7FZ6RTCpim9kG5AtMGQu9ll%2BerLvsqVyS9DneXMNXs8om7TFBmOkwoczubnQsYhhyY44Kgj6WwpF8rc66GOacJAh609d5hCV6oWBKAA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4188fe56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png | 188.114.97.1 | | 42 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png
IP: 188.114.97.1:0
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced
Hash: 620174f04f481d28326a411b1cabb187 1ca53e5711ced25cb4c70c03a942f1872666d944 f6ee80f4ba1dee3011e068f4636ce13049e060e262ad0b2a78543c0195194425
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 42183
cache-control: public, max-age=31536000
content-disposition: inline; filename="43097ed5-2830-494a-b011-fe3f59895a87.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0OWU5Nzc1LTMxOTNlIg"
x-request-id: 3ssNRLbLH6TylbfRVLFJI
cf-cache-status: HIT
age: 134749
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BINc4RIC1TbQ5jTYdK51qlIP7cgm7zbYgolqalwGBmBbjSqBwW38I234iIvYLrsq1McDLjPNJnrZsIgzx16YAyuL580yChtpkZgKWCJI7JPU4S7N1nhf1OBJ4MeqUqIwjAQygY60%2BwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41a90956cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png | 188.114.97.1 | 200 OK | 46 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png
IP: 188.114.97.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 300 x 225, 8-bit colormap, non-interlaced
Hash: 22f76510b40094984413e540f68390fc 95d8396ac875d65a90d1eba6a6646972221c33de 4621380ef94b0ab207f2e56d0942c27b1d3a17ae4ee4843c795cdc37155f868e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 45956
cache-control: public, max-age=31536000
content-disposition: inline; filename="3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1NjVkMmJmLTJkMWQxIg"
x-request-id: ii_oDFwEuJXi5dbKvu_g0
cf-cache-status: HIT
age: 138492
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6dNqa2b70x%2FVfl6KESsPQuOQ6ci2njPfxz%2BFBm6aa%2BH7vdniGohz1OcZs0yjSFVLwyowBX5LzIKelUSi%2BYd6sTTEE8lJBeY1esLUlrAw8jHYJV23czqh%2BJKbMXdr2KxtVZbdjDFig9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41a90a56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@png | 188.114.97.1 | | 77 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@png
IP: 188.114.97.1:0
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 4850d9e144ef82d5485ee223a3492f5b 1872bd9ff9cd44582aa27facc9d6a72e546c5ee6 3aa68663055e33e4c5fcb0e020316101385005595d3c8d37d9e566183aae6cfa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 76785
cache-control: public, max-age=31536000
content-disposition: inline; filename="e44a0723-8123-49b7-a817-b5e81c10ba6a.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1ZGI0OGVkLTUyMGE4Ig"
x-request-id: 2InNQZ7SwWZF66Mz7EnT4
cf-cache-status: HIT
age: 138490
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROV4xMwttOj70VSLryvPR7JtjjvyLRo19%2BZCXHPgl6dsF6W72wLA3gR3lB1Gw4qP632vBQFyY%2BhCr8lcvsMmmH%2Fq0iLnpFrQF2579AR343wUWM8o0NKUjjd%2BiAfnPa0AfxwknEdB3y0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac42094a56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/90511.4bc374431.js | 154.197.121.128 | | 80 kB |
URL: 1win-cdn.com/js/90511.4bc374431.js
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash: 5db6ae85c2951470e3d42cc259c3360e 1a5f129f3449621ec9cdeefdb9684d27ae6f4d36 13c327f0f94df278d18ec0503ae41170fd23ae2db7b6aee412c1804937354a18
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/90511.4bc374431.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27d"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 812012
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3ce868b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png | 188.114.97.1 | | 72 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png
IP: 188.114.97.1:0
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: fea1b5de45a77fdd0e4f01a5e88637ae 8a61c3818f0d11154aa6531fdd43b250dcc19c0f e1c49df377acf949f41c8f4e260098e52142c3085dfb7d68b1294a004296c62d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/d0e532f1-4415-468d-aa3c-dbc88f46f22f.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 76821
cache-control: public, max-age=31536000
content-disposition: inline; filename="d0e532f1-4415-468d-aa3c-dbc88f46f22f.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MDQxNGFiLTFmODcyIg"
x-request-id: vNJWMFeuC6FXS60nADqyu
cf-cache-status: HIT
age: 208205
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eV4HXKG4dW3PkqImWOzlLsT6bX56eWLxRgsaEMc5pVZ3JriLrr0E88t%2BoHBXN2Hh0xsAZV9liQuPC8rSJDRGP3wqjK6dPLMwFCg86z1JafZnw3k0n4jtUTFuBznVyl7ISu3huuJ9%2FXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4168dd56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/zillion.c0e3dd6f0.svg | 154.197.121.128 | | 8.1 kB |
URL: 1win-cdn.com/img/zillion.c0e3dd6f0.svg
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash: 6095956972d158caa3542a3c33475a91 9c33d820206c4aec80040ed79304b6af7acd4d0d 0996fa20fae592b68947eb41821cecfa35cba3ca3463dcb48342ff374b096e9b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/zillion.c0e3dd6f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2ac"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac422f12b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif | 188.114.96.1 | | 7.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif
IP: 188.114.96.1:0
Hash: 4841c7a15b396644ee7ba8554ffb5bf6 a2829093874a49809c29b2d4a186e1af8cea5153 1e8c5d052a6863b10764bb9391767143f9c6599b48d966322520927913fb3d9c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7407
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: ayKlLuwlDWjGizyzfc3h7
cf-cache-status: HIT
age: 215011
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rXUti2GbC2Wnf49aF%2F1UEj2oEJbNP%2F6hnO7fivDt9GXt%2BzIVA3ysyvLk40G3i0UEDlArMvFK6xzN%2BvMgUuXpYqwxRS3%2BmfUFm2TIMIiUCC0jTHLTLxnezECU9alBchtZgAamEOodQTA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7756ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif | 188.114.96.1 | 200 OK | 5.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 9d19a8ee72d8c48af25fdc64baaa1377 845b03e70fa87c6cd8025abe3c257117e0d88bb6 02a25486cea99e7a7cbc3a72ed94b5466705f26440184d1a2f2f5ebff6695ce3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/40223bea-129c-45a9-afed-277cad8ba9a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 5859
cache-control: public, max-age=31536000
content-disposition: inline; filename="40223bea-129c-45a9-afed-277cad8ba9a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5OTI1LTMwMWYwIg"
x-request-id: Gtd2gR3NIUujjGjkA0lEY
cf-cache-status: HIT
age: 206863
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mdSMyzTnPs7frnQXx6domXCdD4bDtzIhaattJJS%2BJmp5N4P2ixZFYzevULF9fE1FWXBcewUi77hSyFsAPoLwjAvWUhoTyib8i0FA%2FWdgYqNDxEniqDm0JnNW1XWlqY1v3KkjuskiTp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7556ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg | 154.197.121.128 | | 5.6 kB |
URL: 1win-cdn.com/img/mascot%20gaming.21cafbe70.svg
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash: dbe8387b89aac6dda33448b0189694cc b071bc0787147e4e536466c4ef5060c6e8eadd68 f6aed97226b114a11a19b7af8cdc50c6d2e162dd759a2375b87e5d9433085e01
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/mascot%20gaming.21cafbe70.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-144f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2517
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac416e15b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif | 188.114.96.1 | | 9.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif
IP: 188.114.96.1:0
Hash: 19ea6dc62a4b1d3b87a9940660698dd1 8c3052c6f52d60b40824437d282619e91034db7a 37fdf454398cc9c71d94e939cd12dc958e9380d776cc895395d52fca7ff78308
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/spinomenal/b766d86a-eade-487b-98e3-7c58464e62de.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 9300
cache-control: public, max-age=31536000
content-disposition: inline; filename="b766d86a-eade-487b-98e3-7c58464e62de.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MTJlYmFlLTMwYjZmIg"
x-request-id: H5JlTxFxiug-gsAN0uQr1
cf-cache-status: HIT
age: 217625
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2a8AZFISsfxYpmnA8AErU7jhVStJGk%2BXPabqSZgpqC52QMdP%2FTuRt1mObeZopGuihLs9n9dc2nb5Yzm1glDDEQjucBM6cG%2BHYS8XXClptnIS4UrkI1HDMHpHx35T8UB4fNFpJc2WulM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7a56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif | 188.114.96.1 | | 6.9 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif
IP: 188.114.96.1:0
Hash: f4d034b11dd303021ad639388d1721bb eb5131c3192a0ce42a3d1e5eb706e14dbf5f9efa c1f8592835a5491c95e668858c9b1a8fbf74f6644bbaa8d1f4a4efbf8cc637b0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/04f67ecf-d744-4f0e-b33b-5fee6d24649e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6917
cache-control: public, max-age=31536000
content-disposition: inline; filename="04f67ecf-d744-4f0e-b33b-5fee6d24649e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ODgyYjA3LTFjMjM5Ig"
x-request-id: 1yyGRHeiPvnFDJlVeYtGo
cf-cache-status: HIT
age: 216927
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2B82EpY4owoIyparMYIz9q1VuN%2Bght9VayzQDGmn7OEz9JXjs%2FIW2MnjdjHY%2BH85%2BD6daERRsOP%2By75WCcow8Cpm7B0XhyjZRLIgl1Y4InKwC1YB2ma5HCFmtELh9nJFdxpf5O6MaxA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f8156ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif | 188.114.96.1 | 200 OK | 7.8 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 6a86c5bb3ff2902051c8a5b9212df604 4c871b9b1b0da3cb252977e3177d302cad6230fd 131c4194037afc4e0e990751d6b75b478eef845d855d2d20bc2722612ddf671c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7785
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: soAn6Cv9FDG1lRMNVYG9M
cf-cache-status: HIT
age: 213078
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUFJ693BZ0dm2engawlY44B1u9c%2BpZgogS39toF1vNXN%2BiIkzQHE4GDBZVDnPRsH74HHaYG22KqKxlSmM2b%2F0PgkA2It9lB%2Fb34W%2BWyAO0OjhSTRwofBAJQjVTLapjLN6fBUS7swYwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7b56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif | 188.114.96.1 | 200 OK | 9.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 26af576690cab574a1d969032fdc5f16 8f279f854c9eaaf667d3a0c92c5a5276f9f01cd4 2a0d9e95e9d3526457ba6469ad12b84828057965145caee52dec0388ab28a614
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/9d7c96cf-66aa-4580-9563-baa3f940db93.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 9892
cache-control: public, max-age=31536000
content-disposition: inline; filename="9d7c96cf-66aa-4580-9563-baa3f940db93.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1MWQyN2EzLTIzOTk3Ig"
x-request-id: oLIa4BJLqwG1HB5BEqpqM
cf-cache-status: HIT
age: 213319
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4SPqnMrtUZuX0RrnrFmNh1t38XV%2FEU%2BHD0gwQdeKooYtIy%2BC3zdbKjOi7FB%2FpI5b0von335L4cir1b2K3gqfwtpJAj0MYKEmZAwi8hs27aMPKQ%2F%2Bp1Vtod5GkgmZMteszI7Z%2B2lWaZg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f8056ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 9867f5ddac7eff5f2fd88dfdec8fd493 6ea9a242437fe23c61e09a00030ae3eee78d3cd1 2a35868035bda3ac30307b7226b56456bb7bab2d244b808e07d3384cd18ba1e1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/fbcbd07e-2fbd-4b00-9edd-96eaae801b22.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8337
cache-control: public, max-age=31536000
content-disposition: inline; filename="fbcbd07e-2fbd-4b00-9edd-96eaae801b22.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZTFkNjFmLTdjN2M4Ig"
x-request-id: I85TlysGV19zGB3VN3wxj
cf-cache-status: HIT
age: 206863
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpGz%2BRL8BfxoyZndiEPY8rs8PDhOpapVCL%2BHve%2BzIIAdn8WSltibKE95WVnboRG%2Bd%2FHGJzhI%2BvTEvQtZ5GkvIzS7Ftdpwhx%2FP%2FxE9zQa4bRwIj6LkCpHPAFKWUk6VsDdmIeSQnTYFPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f8256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif | 188.114.96.1 | | 4.9 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif
IP: 188.114.96.1:0
Hash: d628c0ddaa84c22e5e28c7f05e2badd5 43a3d8aff9d0cc1ffb87c7f1ae6ea1a34b68e51e 46debe0231b7815549872a1a81e09374c40db5a3e6ff0d23cde4a1d5706e3be0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 4938
cache-control: public, max-age=31536000
content-disposition: inline; filename="a9a10eb5-1f81-4bea-bdf4-8257caba9ca3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI1YzY1LWJmMTgi"
x-request-id: hfX33J938_EHQRn2jKmaI
cf-cache-status: HIT
age: 204451
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pLnAFqqBrVpKvR52tfIJYL4Z2c5sJKg1jwLBsSJte9F2Wd1Gl1uMepfTQwWafubswd%2FnE9SFVwXWuh5wRj1NMj4QmKT82mLsz1R%2BLo8hGACofv3oaMWT31ulZWBG653B0hkzL1%2FGesI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f8556ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@avif | 188.114.96.1 | | 7.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@avif
IP: 188.114.96.1:0
Hash: 88ae9f55ebc5e59fa8e178a37c08a0be bf75a666f229a93065910dfb7891ba30ec8e0c9e 1d5bf5fa067e02203a77de65a4b549a62d7496de54613411777a43f541e14506
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7429
cache-control: public, max-age=31536000
content-disposition: inline; filename="7e183855-0a8d-4323-a363-208600e16b4e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MWZiZjk0LTFjZGM1Ig"
x-request-id: dCUMNmbGtQZuCiNr0pHbM
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ycmu6EmCdvd6kxlEwIn9XpAFMmNRI97mj5UNxRwsdD18Fj0qtsS7LuGVDz8wO5Llz%2FcVtcsJRFPI8Ou1od%2F59WAn%2FdcAe684Ax16g7i0VHep4tcry0ju%2F28KS1fVb0G%2FJD9t9Ug7%2FjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f8656ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif | 188.114.96.1 | | 8.1 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif
IP: 188.114.96.1:0
Hash: 7e8efe46dde9cda3cd4a173d23aa609e e285ec6cabd58a1f137a323c2795da808c5c65e8 3256461de8e961771cf7d1d55f8a438667b73a8363f69c460026643981a2c1cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e5e6ff35-98dc-4923-abf3-6f2fe59515fe.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8148
cache-control: public, max-age=31536000
content-disposition: inline; filename="e5e6ff35-98dc-4923-abf3-6f2fe59515fe.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZTM1M2QzLTJjM2QyIg"
x-request-id: TQVbhqWVjiTMKol2lOoJL
cf-cache-status: HIT
age: 203965
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2FswYgabzHxFa%2BeAhdOIDt7teAUnQ6cjsyFMhBpirVoHeTefoy3qPi0c7LITdhrTZ7O7uSJ3v0iovFPL5LH5HnK3fVUi92feKoiA44XX87ALWl596oI9E7oYTmNJtTzH0Xrg%2BsnmrdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f9656ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/d4db362b-69a1-4639-9371-642b0c43aa44.png@avif | 188.114.96.1 | | 5.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/d4db362b-69a1-4639-9371-642b0c43aa44.png@avif
IP: 188.114.96.1:0
Hash: 0c68c15cbb21833d4a398df7ca3b99e8 230db81592609272f92c475facc194c525cabbc6 88cbcb76b6f0b16a9afc392a620f1a6d4fcbba5b99e5c01606894a622de7c562
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/d4db362b-69a1-4639-9371-642b0c43aa44.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 5632
cache-control: public, max-age=31536000
content-disposition: inline; filename="d4db362b-69a1-4639-9371-642b0c43aa44.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NmM5ZTcyLTQzOTBiIg"
x-request-id: 3eVxskTchfr8194j9_8ou
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ns4ika7l4EyvG%2BDLSbF%2BevIDhSVSQmwEg3jtFYU4b3%2BXWhi06a71wt4wAASOY3mvyFP0SS5WL%2BA28q1n%2Fdni%2Fs%2Bad7yL6k5%2FxuARQp7vbK0BbLAHP%2FBZD1gPTU39Z22tgs40c%2F8tlL4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f9756ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@avif | 188.114.96.1 | | 7.7 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@avif
IP: 188.114.96.1:0
Hash: 532d0102f713b90c31c5e23d68b93a0c 14887a3d6923d0155b412bcc1a38da91f0327ad2 2684f99d9447da62936d14fac9add4f9effcd8b1976055268044d5e5e4894bf3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7679
cache-control: public, max-age=31536000
content-disposition: inline; filename="32ad7d13-0689-4d2a-9749-8e0779257d2d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZmIwZDM0LTExZjlhIg"
x-request-id: PrBDq6M0xZVNZVY_z_8Hg
cf-cache-status: HIT
age: 215738
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVKxlDyJQ8torBiRc0SxviiPJ4%2BwVg4KTcIvPFEpZpD7lecyCkXSBLL9de2y9k5h0liJDh%2F9ZzO3WlSlcusFbf1lR8DiiW5OO2lfabTisvWAoxR98vmmJsE1KfzYi3Pflhe2Dae5T8o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac435f9256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif | 188.114.96.1 | | 8.1 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif
IP: 188.114.96.1:0
Hash: 0e5690478eedfa1df868b3925ae7765f 2b5c93c92cd6c824f2b78e3eca5acdcd0848c5a7 efc476f654991ceb6e2ec648f67789fe3f5a56c2e85dcabae86175ee1a1f06d0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8133
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: wIvVBE6Ca87qQK-_rWGwc
cf-cache-status: HIT
age: 217626
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96OcL8doiIJu8qZycRzMRqTI3tsjEDRygbusjQKt9XvhGVttvW3lJll40rE7iYum%2BejlbTJ1v0Nw8kV39M3kwcScvq6bl9iZQK%2BJuXXegU7wrCdEaBZmowHZn5RkuQnf2YlKm7PUxvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7d56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bf%20games.7559aed26.svg | 154.197.121.128 | | 11 kB |
URL: 1win-cdn.com/img/bf%20games.7559aed26.svg
IP: 154.197.121.128:0
ASN: #328608 Africa-on-Cloud-AS
File type: gzip compressed data, from Unix
Hash: a2ea1cfca29bda5ed28bb3354e787c0a 1b262cf6eac2e8d201a22e54378f7e533b438280 87a1680ac386582a5b3673508afc75f2603ca8fac70d934abae4bd6b2364f372
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/bf%20games.7559aed26.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1382"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1715
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41ae80b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif | 188.114.96.1 | | 8.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif
IP: 188.114.96.1:0
Hash: 19f229b84c704888d3b7a617d4ea0d5f ead41a6984c57debbde1fdbe6820dcdd07634f99 2ded6d38b4a260c8c2b217d42f160b0ad2e5f2ffba86bc3f4b98c660c29ff870
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8415
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: qm6oGx3zgZoAvqzoU-0Oq
cf-cache-status: HIT
age: 213319
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cj4qPHJnwpXL8vaKz2bFZbNb9AyhO8RE8eipZt8C0aiCg7s1r6Xtq0hdMZRGewA2iMUw7p1xB83OkYeIB7XZPJb854%2BKDRgwGRjmCVzN%2B1fMeUfPJ2GKpLiWurl%2FU%2BIBv7sPp7r%2BmLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7e56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@png | 188.114.97.1 | 200 OK | 72 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@png
IP: 188.114.97.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 30ff9263cfcb5d12a6c081d0d4e7b8dc 85e32209bed68e87242cfc1f8843984633a29349 b5c33a40ca0624076449b8a5d182802457eb2f95cfd4ff2e3ada9129b4cad028
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/mrslotty/7fdd4ca4-61a6-451c-9533-185b9f88a4da.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 67161
cache-control: public, max-age=31536000
content-disposition: inline; filename="7fdd4ca4-61a6-451c-9533-185b9f88a4da.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1MDg1NWMyLTQ5ZTFmIg"
x-request-id: fmq65PwS3YzI8WKv60Pex
cf-cache-status: HIT
age: 157697
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ICJmHsapsKcZ%2FxgDyG64zV8EhicRLlvyC53Tkdf7lC%2F6fg1fHJFWLGsuOm1fdmoWQe1KiRcApx2nJEM5%2F%2F7BhdscV1Fco4HvVhsYdzeFXie0xLWwb8xf1UK5DTeJ3kNJc1NdCV%2Bne%2FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158cc56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/desktop.b9c515d35.js | 154.197.121.128 | 200 OK | 112 kB |
URL: GET HTTP/2 1win-cdn.com/js/desktop.b9c515d35.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Size: 112 kB (112344 bytes)
Hash: a1c1684b9fd500e1126bc02a82bc3454 55d807a5f411abe537d6e47783a820b092cd6372 3ca7c85b2bf4faad3fce56ffa300e4610e0d8166e846c6d45af7341d2b2b34e3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/desktop.b9c515d35.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 12:07:27 GMT
etag: W/"663b6aff-214d1"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 149779
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac367805b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/18860.cc0fd1e0e.js | 154.197.121.128 | 200 OK | 19 kB |
URL: GET HTTP/2 1win-cdn.com/js/18860.cc0fd1e0e.js
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 22b231617e379d9db08eaa9528389463 3ee4f176fb7ede327757bef3d529921f943c2f12 0d46650aab9a6f3082211bda7334a0e5c9b71d1b62462cfe569d72ba4d2f15be
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/18860.cc0fd1e0e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-6d56"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 320848
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac36d8a8b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif | 188.114.96.1 | 200 OK | 6.7 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b3f2c9d8fad9590c4306452f6a3d5351 e52f72ddf95325d98298bdf2652ae183e66c90b3 ccbcb4a8db94c566311666e7f9da33eb11d985688211cb2380375e99ef11f991
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/2540c6b5-b697-4ddc-9ed5-aa5dbac69801.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6731
cache-control: public, max-age=31536000
content-disposition: inline; filename="2540c6b5-b697-4ddc-9ed5-aa5dbac69801.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YTkxZDM0LTcyODdmIg"
x-request-id: 8vKrg9VeAhdtFu4RexVJq
cf-cache-status: HIT
age: 203103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6Ayx6YLol4vJX9p5%2FViJtcTSr6B12KV8tCcBJje8eeClP%2F3b0Lpt7R2JJlrMt3gybKcs1uxvetcO%2BWgvWcySWGpXzjtzCZJLiF6gYqzcMe02FYPGzLKN%2BoRcfMoB6vMlZbAZxJiIfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac437fae56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@avif | 188.114.96.1 | 200 OK | 6.4 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 21f105a054c05e9366d3f21f5b5502d6 988e9e267fcb163db10f8b4df924d8c6f222df70 46eda0814f8fbb7cc505997f7b8d8693b8dc2a4fc5eb24670ace1f7b560a439e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6384
cache-control: public, max-age=31536000
content-disposition: inline; filename="5972e0dd-d954-45b0-b608-3f3e3832a0a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY2MmI1Y2QyLWYwOTAi"
x-request-id: geP_sTyq3NX82hre9Mh6X
cf-cache-status: HIT
age: 217618
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uatzCRvmEIfToCaVi11rbW6VBGaFgP5AsxcLpVMAmkeplv5E7oTXrDxjUU7%2FPNmspUbRBRb71Z4cVO62l8n32lpaED0Oz1m2PmrOyCM7Ir3b2z%2BR%2FgKzDdFaPAdthdVEr78Xpz55qa4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac437fb056ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 5a3ba0dae96f50ad592fd6eb8dd93fee c4e9678f3997e55855e24e41a7e6086276830275 8a5bd44f9e77f472f75fa8d3c5e7d6e790ada844a06c6c16ab8181436b0452d3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8300
cache-control: public, max-age=31536000
content-disposition: inline; filename="f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5N2I1LTNiNjcxIg"
x-request-id: 7yZNyxvF6AX-QOH-i7_OP
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LieKsHt2Pv2u%2FWcw8fJEUsmb931DTllEgZ9KL6Z%2BXMU1IhHjujf9h1WbkU2XMcDyB%2F8MU2%2Byz%2BSqvu1u%2BxMaIzgIxwdaCaqc5%2BblK8EgW00jmkbbmZoO%2BSHJGPxnRcSzM7kRBMWB7dc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac437fb956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif | 188.114.96.1 | | 6.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif
IP: 188.114.96.1:0
Hash: 82df8b1a95cb8818dd1583ad7af183ac 565eff4d65902dc985ae3eae8de2861cf7a2bd42 464cd4b7e6112e8c8f0130974a91f0a3c6c914ff042159348553397a3fbdb597
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/046c1ad8-2d45-45d3-b7ca-e339ffc44393.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6260
cache-control: public, max-age=31536000
content-disposition: inline; filename="046c1ad8-2d45-45d3-b7ca-e339ffc44393.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NDRmZWJjLTRhN2VjIg"
x-request-id: sTiclXwu_T4zVe43NcUUp
cf-cache-status: HIT
age: 217303
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHhQKb5PQbdbq2lJaS3kQlz6KFu%2FciaqwG1a9u6To4zTjX4lvZiOwVrkLxYwOH2fkl4DqRzFAzD00jsvYK8%2Bg956ooBvy8OoMujKQMep8UcidhVHtMbANpvn0U5HzFRNF%2F3lnPuYM%2Fk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac438fbd56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif | 188.114.96.1 | 200 OK | 3.0 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC
Certificate Subject: 1win-cdn.com
Certificate Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A
Certificate Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: b84b8eee62be54ca3943144aff77f777 21301288f3a804d07b877766a6525b46581bfb27 6f57255cb5f92f68022061354e308f3e73e69852035f41591d51f29e70146e86
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f62e3a405aef5f1d40fc145c65eaf21c.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 2996
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_f62e3a405aef5f1d40fc145c65eaf21c.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYxM2EyNThlLTEzMTYi"
x-request-id: DOP2BOroo-wE8GEaS-uvv
cf-cache-status: HIT
age: 203103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gy01LIMGHSZjl0DAbxYjLk5qT8ZktLqJ80UH9mJ1QsbF4fIN22Dtk3nDutdp%2BWA1ly5eJ7m%2BQ6x7tQ9InQZhNkqZDJlUDKcybdwgV2vCLfLcwH%2Fod9WbRS1pk%2BWcemH6YnFKNB0G%2FkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac437fb856ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1spin4win.bb21057a4.svg | 154.197.121.128 | 200 OK | 8.2 kB |
URL: GET HTTP/2 1win-cdn.com/img/1spin4win.bb21057a4.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 918e97040eedd2fecd787828ab8cf0e5 6e40f14daf2f76d9a987b1b45239350997a67af0 0ee466afac446ee67f390cb93d6de86f0d1af1145d745ce8ab1d5bd5925679ff
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1spin4win.bb21057a4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-4da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2496
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41ae82b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/amatic.1ad22f1f0.svg | 154.197.121.128 | 200 OK | 11 kB |
URL: GET HTTP/2 1win-cdn.com/img/amatic.1ad22f1f0.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 922afdd8659451752a3cc0cb991e06e9 6716b26fa338ed9e19d456876ac0e99b123e1d11 623938d7a9d22abe13a7fa9b5bc5e30cb83cb53f9f736365ae7a02d0acf7c7c3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/amatic.1ad22f1f0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-400"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2931
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac422f1cb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif | 188.114.96.1 | | 9.4 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif
IP: 188.114.96.1:0
Hash: 23d27fbc486c8af1aecccb6a643301ca cab294760cd7325c9584ea19f2b2aa5392c303c9 af77512a4eefe1f96acec3ba446760d0d09941bb4ce516051e3dc2a397cb8424
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/mrslotty/e44a0723-8123-49b7-a817-b5e81c10ba6a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 9420
cache-control: public, max-age=31536000
content-disposition: inline; filename="e44a0723-8123-49b7-a817-b5e81c10ba6a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ZGI0OGVkLTUyMGE4Ig"
x-request-id: O-mE_fhxl64b4vYfVE51X
cf-cache-status: HIT
age: 203103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HFBOHEKgSzlcloaBR31nk9x6VLIZ2BwrflOILoYL7dm2k0mnpTcagWI2pK5uQCW1EsGrhXMTDFmwHJWx62xEQjHGaAHe7oCs1njntHwfJre5jkE%2Biq2Ln%2FD2u7Ln0gYmkT5NB61tRqg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac438fcf56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif | 188.114.96.1 | | 8.2 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif
IP: 188.114.96.1:0
Hash: 1c15fa01c476447093bb27eab0e35536 32855e3ccc396e96c2debadcc982396fd054ac0e caab2ace656ea67b0e0ce586517c3f82cabc50927d6d154b008cf6219a67f4ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8202
cache-control: public, max-age=31536000
content-disposition: inline; filename="c_f4ab01a2d9bb9ae2ed5f3576b4fb9fc3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYyNjZhYzc4LWFlNjMi"
x-request-id: vI7r9uhaSaHbPbV85Oi8R
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cAfNWSCefHkuhyVY6XXclP6%2BJG80L55VtYN95mOcLnMXPw6Trz%2F5Ej1ZR02jLxtrzLp0B0bF4r5in8WASrJ%2FrZdo4XEjFpARfZ2A5WJWop8PpTPqWM9SOZ1RgvxUNKer%2BtkmaBFZ7ew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac439fd256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif | 188.114.96.1 | | 6.7 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif
IP: 188.114.96.1:0
Hash: dd6365a511a38b20b83426422943720b 3ba2b5ca7d7262218c495320d68930af138c2caa 8bf0df78ffb495b9bc8efbda27bed7cfa70cd1d84d3d47e693487d1fdf598bc6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6a36f17d-bda4-4022-af1d-ba9749b4370d.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6714
cache-control: public, max-age=31536000
content-disposition: inline; filename="6a36f17d-bda4-4022-af1d-ba9749b4370d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZjA1MzQwLTFjYmRkIg"
x-request-id: PHP17VVDqM-YvzA9PWkNy
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B7e9AmlJysreqEV9GpTHkVpALa2DNdsC5PPwie2tQhIYbx2%2Fjh8OvPjTSpYmiMznUahWPNUK9BpApfdMmI4yAwUKsa8ITWxRJtRXoPNCZW%2B%2FFvCvbc97JTm4Nw3yLtiAA0XT%2F%2FyPLCE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43aff056ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif | 188.114.96.1 | | 8.6 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif
IP: 188.114.96.1:0
Hash: 32c03f3facce0f09ebf0a22352150345 659b52666db936b57c2f58dca5f9e4e2ab6b2cd0 48551a1c87eb70ef82d984b8bb547c33c1756c1afefc60e46ac6e0018141ee5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8553
cache-control: public, max-age=31536000
content-disposition: inline; filename="669e5916-bed1-42b2-87c5-47099f065894.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1OWU5OTg3LTI1YzZiIg"
x-request-id: haYxE3m_-IItbEH2MPAbR
cf-cache-status: HIT
age: 217265
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfO1wm0t%2B%2FSR6jHxD75EGSjRh25PIP8KrN%2BY3RdI4ZMsFcat0QIcnwaFJJI6HbChuxEX9n5ck72NvzqyN%2FWHXMvQNbw4rfmvaNdrRBalgDmmMSchai3NdnsmoOIqwiwz6OUhS2L1Mfs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43afee56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif | 188.114.96.1 | | 8.1 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif
IP: 188.114.96.1:0
Hash: 1fb7b22dea4d87652fa4ac4287bf1fc5 8297697d23e2bb407e6a0e1670f2b9aebe0aafe6 28f0cd1eb976d9e92d9797ceda17dc7331f5c5ada0c0574ec0ea5425e0fe31fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/54c53066-cb7d-4c67-9543-5c569e72da3a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8116
cache-control: public, max-age=31536000
content-disposition: inline; filename="54c53066-cb7d-4c67-9543-5c569e72da3a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NDdkYzQzLTFlZjgxIg"
x-request-id: WQFshURTyx6kCYW-o9Dk5
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TvBgKtu8oeyFn9Yy5Nik8Qb%2BrA5qqvL7OHI7IFFQkMwoJJuqz73%2BIJVylNGwHJl2iPmGGRN6cFfI8xFueyHwCrjUQ2w9Q3K8mfX5PQZnHaM6dmJpFXqwlT2jV20hsDjKkEUo6OGkrRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43aff256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif | 188.114.96.1 | 200 OK | 8.3 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: cd452335ce2868ead18d8e2082e43350 c673f2ea78d3dbf3bba5ec7944c1ff953222dae0 bda165800d495d883bd2880f0767090a408ad945fb193bb725546743e0dacccd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/c2abecf2-042a-41d3-8527-5bb9e886caab.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8273
cache-control: public, max-age=31536000
content-disposition: inline; filename="c2abecf2-042a-41d3-8527-5bb9e886caab.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MmQ3MDhjLTFmNjUyIg"
x-request-id: X39YwVZsq_k77Yhxp_gdA
cf-cache-status: HIT
age: 217265
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQ%2FHRNJwuClh%2F1IHLZJt9zRU9vByx1BVm%2Bt%2Bzh0kdsRH1cFaUF%2BzkFxWFTX6NeNSO2ubdiWO8D4Dzxv9jOL5QMtr6lLGkYqrV7dSoo4yyQ8L6t%2F1BughDW9XJ34VdFH08NV%2BA%2F%2BpbvI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43afe956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg | 154.197.121.128 | 200 OK | 9.9 kB |
URL: GET HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 088f0877112cc0cdf8d14e93daaa5a62 4b56d07d609b8430a8ca81cda7b0ce8ae07c2547 92832eaafe50f669b600faae839acac047e7d025da0bbb28502736e91d09d23b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-bfa"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1715
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3cd858b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif | 188.114.96.1 | | 7.7 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif
IP: 188.114.96.1:0
Hash: 8d5a5983bddda8e2cb584a761eb7190e 34171fd6ca23b5e00cbef69371cb0f4b321c8a16 647a3351196579eade487fd8be23ac3c4bbbfa6166a54ad800fc455859667682
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7665
cache-control: public, max-age=31536000
content-disposition: inline; filename="aac4d623-5134-4bf1-9cb3-49c6a8128b9b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODJmMDE3LTFlMzU4Ig"
x-request-id: 70Zh0d26FrRVPX57egvzQ
cf-cache-status: HIT
age: 217239
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eT%2BHKpTG1W8xN%2FUwO%2B1yTD4om%2B4XtA99hFJ8wxWieqAKHvqTz4I0uYnl59%2BGluRbw%2BQEWdQeLL6LpAYUpAoIWJedIA0F9m9tYB3bbLglE%2BvFGuSZAMMPHF0grlS4ZeOpn6mHoKFYWEQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43bffe56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/jetx.64787fc5c.svg | 154.197.121.128 | 200 OK | 78 kB |
URL: GET HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg
IP: 154.197.121.128:443
ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: gzip compressed data, from Unix
Hash: 3e94fba29b2fb8c8ce9db393bc035217 80613a06406dc7880576cb3711cd4708effb1070 aba4d494c43759237494d290e9a17523a313475b49576f9a798600af328fe217
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-33f5"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1715
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3cd859b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif | 188.114.96.1 | | 9.0 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif
IP: 188.114.96.1:0
Hash: dbbfd0e60e264a9de69a94942dcf0daa b71f91f5b2859f8ff0867e7fade0870f928e6cc8 520d8b3fb7a2056495d2504ad9ee2f3f29e142abb6ed7af0a858603ddfbefe25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 9026
cache-control: public, max-age=31536000
content-disposition: inline; filename="dbc5db56-b061-4362-ae84-ed051b568d0b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YmI1ZGRhLTUwMTFmIg"
x-request-id: WgA5_3I7ZSGszCfVFRr1G
cf-cache-status: HIT
age: 217265
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zDPTQUN%2Fm%2FxmiV0LsQOk36svcULN0JlkQXXvBUtKcJ%2BYtz4MxFUogz3%2BhhlH6Vyos2uCyDBAzL388NIhkKMOf7qqEk8i6cgsw7bn5aF6521SGU%2FDBTs%2FkZ9VYUOHSMDcDTAl8FVYwCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43bffc56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif | 188.114.96.1 | 200 OK | 7.9 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif
IP: 188.114.96.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate: Issuer Google Trust Services LLC; Subject 1win-cdn.com; Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: 921bdde4dd01cfb3626ecc0026e9d8b1 ae8eb4b04b71d0c65065f98885e3af5523694902 eedfdb25ba59a7914b923b0c509aa53faa03ca3302293bd3d9f3b64fa794a99d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6d5adbef-0809-492a-9bac-2a122d002b61.jpeg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7917
cache-control: public, max-age=31536000
content-disposition: inline; filename="6d5adbef-0809-492a-9bac-2a122d002b61.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1ODQ1ZGQ1LTMzMmE4Ig"
x-request-id: 0Z-PTfx9ovpUmzMrsjsjK
cf-cache-status: HIT
age: 203103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmNLdrVzUxGqP0sUg2j7iR67PdII8fwjsv%2F8zpp7kEIw7Mm%2BIYXadr3pNZsI2THzOIgv4CornUXV1xrDpoh%2Byvu%2BQm9uq%2FMkrnAJNeUc0hKtYL1t%2FxLZBcW4cZveySN9wWsdUgssOnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43bfff56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif | 188.114.96.1 | | 7.3 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif
IP: 188.114.96.1:0
Hash: 011b64c005adbc5b3454b79a1adf1693 6f19e774c39048f45441c4499c0b08b749829585 7d8852ad393034eb0a80f299bd81707ab3dae09826438ceafec2831d7858546c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7332
cache-control: public, max-age=31536000
content-disposition: inline; filename="ce984aa3-1980-464a-a49f-9d1c7c928a57.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NzFjY2JjLTYwOTVlIg"
x-request-id: 2Q3gfEav66fb9EoQBg6NH
cf-cache-status: HIT
age: 219870
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IqocE8ZsYbPieBCAAN%2BMqBEyI5KJYy%2FkhC0qR2qQDV6g5ujAJT9Nw4DvCxoYEclWABFrxPnsgFozIiX0KFRn54NKBD73Mr3Dxhze3VQkrqVT8YjbTg6iO2BjgDGErLSdRZddOItFZYA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43b80156ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif | 188.114.96.1 | | 6.8 kB |
URL: imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif
IP: 188.114.96.1:0
Hash: a8d37c60cb1b69c54ad71d70fdff5893 5c03da11ea4ee0eedd24726c56c88ec3687d42bb 6ae485f43dd6e9576e1da2b2130261fc31173fcca772711bf4bdc23f64403bb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 6774
cache-control: public, max-age=31536000
content-disposition: inline; filename="62330210-340e-4ed3-aca6-640fe741a193.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MjZiYmYzLTE5MDBhIg"
x-request-id: vLuoUMOA-5c6hECK2EJwA
cf-cache-status: HIT
age: 211736
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uu8FMu%2FNzmX77%2BcFVBWExlKglQcK9nzutyBIYWt8N%2B%2FflS9SbDBRME6uCefva%2FG4yrweA4IZaZnR%2BX5l9tLauocTY8ItIejDuKGQdTFk05j2Oe110fg5lkKOuyUmWCixthiwn83OuQ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43b80556ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif | 188.114.96.1 | | 8.6 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif IP 188.114.96.1:0
Hash a07eff44863b0b15d204ae6076197e9d aff153ae78420c1ed8f8e54ee20e33eb1a87215b 15355eeb2da0fe84c05dcaf0a0367dfaeb2769fe50bec1533556a17d92606895
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8634
cache-control: public, max-age=31536000
content-disposition: inline; filename="e72d3aa7-8742-414d-bf8e-4cc530caa4bc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0YzEwYjczLTRlNmQzIg"
x-request-id: 3iCdcpwwCBXttYw4etjxu
cf-cache-status: HIT
age: 202378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c2BJ2YBSsf8xqvFQ6HEqksHsQlPKRCfKmmjpsxFxeXjMuumb55IZFVpm9b7hGbYAe1oSfGX91mZL2vVBll0k%2BJTpg7r%2FsncSN7cDsLBN06F8zVrOgLxJSN2E66eF9smfJ0GtsMOhCvE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43c80756ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif | 188.114.96.1 | | 7.0 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif IP 188.114.96.1:0
Hash dc9dd1a97ca5a0f20ee954665553580c 945be6ae016cd9d5036a2eb09f01d82c93314120 727a0e6c04b446aa45225d9eef1c9142af6b477c4e10ff67d2f2cfbdb588ebf4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7024
cache-control: public, max-age=31536000
content-disposition: inline; filename="5771c41a-5bb6-4ced-8f5d-a93b7be3163b.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NGI3YzExLTIwOWU3Ig"
x-request-id: _AtrcscsAj8JivHO0yhj-
cf-cache-status: HIT
age: 220471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8dhcJvC8XkxI5HwJnPMk%2F65cB50oYxIoXGLPkgsyk9Eo2HGevspV1uabeKPPOAMR%2FBfE014vRY5rAe9bmEiRsamCi%2B40wG%2BnFNuNc%2FVf3yLrb5kkmSVfaY1bnMhNfgQi8CCZtXbP6d8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43c80656ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif | 188.114.96.1 | | 7.7 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif IP 188.114.96.1:0
Hash 4d53131980714ca754de982bcbed231a 7469a00f40e7356610d061a590fcb5b47d2c73d4 2f6f837e2558e630ec4a0940b3233f01857d8bcbda500c259d387a1b83cafcf5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/e778e77f-e65e-4551-a1b6-1e67aea3ff81.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7722
cache-control: public, max-age=31536000
content-disposition: inline; filename="e778e77f-e65e-4551-a1b6-1e67aea3ff81.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0M2ZmMDk1LTQ5MTdlIg"
x-request-id: pTbcw2x47Gx9S2iKIxIaf
cf-cache-status: HIT
age: 211733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHZRnOq4iNZeAlsEYH4FYkwg8pGHYQDnPZ2OzcRH33i9vqHcaGv6Oh0zxC9Gx4wZoqSaQ5xfsVB2T8SWUfC8JRMN1rcjoEiRD5lyM14j886QccselGZucsC0UKWXIXgNmlOKhg9VkG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43d82e56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif | 188.114.96.1 | | 5.0 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif IP 188.114.96.1:0
Hash cce0ec99160820b86c077a88187fa91f 12108bdd77b8c9f8e08c7bf4cf3ef8157ffc5d11 ad053a9ca2b8b80ef433770219991084f8ed9864709141820f6c787c5b0eee25
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/053b99a1-01ea-4804-a7c9-73b576014d8d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 5009
cache-control: public, max-age=31536000
content-disposition: inline; filename="053b99a1-01ea-4804-a7c9-73b576014d8d.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTRiN2UzLTczOTk1Ig"
x-request-id: gqheZ6tZl_07FT4jCckgJ
cf-cache-status: HIT
age: 202378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0INc3L%2Fwty76cm2nn9uHGufTdEQhjGMTFrZG2UuqP4HXXcoqJBnZZk71IK8W1iU8QcUgnOzzUmIRdWkFvfn8WXxvcP5xEoFVAcjMdESV2E%2Fmh8QmW5wUGdmZrEzXotChwQOz36N1eUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43d83356ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif | 188.114.96.1 | | 8.9 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif IP 188.114.96.1:0
Hash 717b797e017da14d3a011e7c1ff14be7 e38b4a56787649a0c71a33746fb967daad623f33 e0fc8ebc776ae489f111b3248efe221aec36124ee31abf94db8dc544e3dd372b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/726a5af4-eb51-4dea-bdb3-0c15a08bda37.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8895
cache-control: public, max-age=31536000
content-disposition: inline; filename="726a5af4-eb51-4dea-bdb3-0c15a08bda37.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0YTY5MTc0LTE1MGFjIg"
x-request-id: 0FsqVm34As-_wa4Rqpfrg
cf-cache-status: HIT
age: 211733
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQGu%2BVC1VNL0rlrfBwa08zU%2FyWluEHWz3R%2FC%2BImlohNEoy%2F5QXqAOyL1CMfYhDYub9U1ML%2FOyCI5nvITNh4Y%2Bqr0rtoy4unws5S%2BsNmQcSSd3tSKWxIPg%2Bk1E0NgVpYzgJ86aonnwSQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43d83256ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif | 188.114.96.1 | | 7.0 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif IP 188.114.96.1:0
Hash 1136ff6e8be98efd8093d5f9e71d9e8f e0d7dbc0b88a68054f53c9f30d9655f4645c230d ad403972bec7983706da78ec7ef60e587a536c13881c8f5442510cb917c9bf10
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/9ea6777e-3796-45f5-bd3d-2bfdfa8686df.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7011
cache-control: public, max-age=31536000
content-disposition: inline; filename="9ea6777e-3796-45f5-bd3d-2bfdfa8686df.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0ZjcyOTE2LTRiMGQ0Ig"
x-request-id: Hqp-6kLo0X2uoOcYrh6Yf
cf-cache-status: HIT
age: 211732
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1P6gHuRwM%2BOTCdbjTCyZigSyPx9xiW0MZNVZfjNdVlvsw%2FdrCzYQCoAxuASPKFdUajmr1N8eDWWvtPZKz9jD01ZrDbE%2BDT12a%2FhuyFpXStsJrbddPHXmIXKH9tyeqQkYt7LjXqYJbm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43e83656ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif | 188.114.96.1 | | 4.9 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif IP 188.114.96.1:0
Hash db701571c4425d8274de1b27d7e6cb09 36d108c41cdc990ba72798d8dfffd6409665d960 e46f417166303199e2093a8f1a54d6a48196c846296d6fd2dd1cc89ee56f925a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/c57c414f-2dc6-4eee-872e-015548d9d27a.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 4856
cache-control: public, max-age=31536000
content-disposition: inline; filename="c57c414f-2dc6-4eee-872e-015548d9d27a.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzZTYwYTBjLTc4ZjQ4Ig"
x-request-id: c24Lgm6pHU9j3zU1omnPM
cf-cache-status: HIT
age: 81801
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ce%2FyzkhiRNq1FENDWqGDP4%2BH1ki7YYB3D1GQQhB2mZAolIMYWee7IXNzixRxMQCxDlHgkuB7wGfKWsDw%2FpMMG0J2kfbt6eI%2B5OipqO1vdGRZHG9wmBPvh8SRtohY5Rv8GU3h1j6cWKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43e83556ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@png | 188.114.97.1 | | 73 kB |
URL imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@png IP 188.114.97.1:0
File type PNG image data, 419 x 314, 8-bit colormap, non-interlaced Hash 2ac73b4320fab6713610f9db384ff8c9 6ecd6199f5eb12a1eb3d3f0e992fb120f74edbaa 07fae0eb949281fdb310845f647188a78340f21eda7257461304dc62146e9dbc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/32ad7d13-0689-4d2a-9749-8e0779257d2d.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 68422
cache-control: public, max-age=31536000
content-disposition: inline; filename="32ad7d13-0689-4d2a-9749-8e0779257d2d.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0ZmIwZDM0LTExZjlhIg"
x-request-id: jMNAclUvyQfWIp8V2aLnH
cf-cache-status: HIT
age: 134749
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xfc4amPfJBZqUuIaB4JyP%2BQkZZSlMZdbTwyVxQd5apvIWmt56jZouuPEUMvxaAvdRCu684UAj1VrvNPVrMT2C84EXsqiPOLHrNdAk5gIIskRnWhT9scP%2BuOhXLr48HzW4fZ1lU55JFE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158da56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif | 188.114.96.1 | 200 OK | 7.2 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 5a258a62a127acb8b8ad56770591d501 8452fa24937409b089d5a07b73ec4392b84c1a7e d039ac11879d3e157fe0dc5f8f4df871574a12c1d2cb1e8ed8586993f5684959
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7154
cache-control: public, max-age=31536000
content-disposition: inline; filename="c971b3cb-1bf8-4fc0-8970-fb258a3a0ac3.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0NTExYzUwLTJjYTViIg"
x-request-id: cjZPpYfIthTg0uDGyT-gh
cf-cache-status: HIT
age: 221247
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dQk%2Bg6VDCEZ6z79k9egqtzMtcBxdkDh3GfdX660CqHw3BdYKVm5OE%2BAYwpNCTcimUlofKnUp4cU%2FxFerY%2FPAYnik6MgZ8JBpjMbYEoJIcki9WAnWoM3%2BbC1qUWmDPkroC2VOT46z0RA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43e83956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/edict.ca67383de.svg | 154.197.121.128 | | 5.1 kB |
URL 1win-cdn.com/img/edict.ca67383de.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash 5832db5aa1fc91230bc1518fce081fe5 17ac077e07a5e798cc0fa4f1c35a7a34324a86f0 6009f00dabacf452910fe3563ab72060c7a7b1802be1bf76acf53c025ad15e16
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/edict.ca67383de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3206"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45aae9b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/red%20tiger.157f419e2.svg | 154.197.121.128 | | 6.5 kB |
URL 1win-cdn.com/img/red%20tiger.157f419e2.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash 9fdb49f3c2e53fe7a15f48f0e9065ef2 2cb06df5255df01b634caddd5762ed1f0b1177c2 3ea156374d1c79bb53166a74393ae3d8a4f9428080a8dfd4d3b54df3cce000de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/red%20tiger.157f419e2.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3990"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac471c66b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/bet2tech.41863da88.svg | 154.197.121.128 | | 1.3 kB |
URL 1win-cdn.com/img/bet2tech.41863da88.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash 8f07fe230a5f935e4b4827912e0b2ee8 68a5dcef9c40e31be344f0582cb3603076c82ac8 e7ca83835c5140c3faf7ffe45c1e64cc7bb6e167eb3b2866d19fcc221524ea19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bet2tech.41863da88.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-71f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac451a51b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3711 | 216.239.32.36 | 204 No Content | 0 B |
URL POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3711 IP 216.239.32.36:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject *.google-analytics.com Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_url=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&up.UserID=&up.platform_language=en&up.device_type=desktop&up.platform=web&up.os=other&tfd=3711 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wynyj.win
date: Fri, 10 May 2024 05:54:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/aviatrix.b5fd712c8.svg | 154.197.121.128 | | 24 kB |
URL 1win-cdn.com/img/aviatrix.b5fd712c8.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash b78efc9a8b4efd692652596592dd6bb5 7a1642810971bda7d698c3ed5c95cf1b989d3860 19f8a21caf9db1d9b01ebf1637126c03c6bcb7169b9d88944769ed2ef2f660d5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/aviatrix.b5fd712c8.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-34fe"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1715
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac451a47b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/onlyplay.1c7a3c455.svg | 154.197.121.128 | | 11 kB |
URL 1win-cdn.com/img/onlyplay.1c7a3c455.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash e9930cfad58ebe8cec9894830eb92529 4177f51b71512fce9cb914e894a712bfa13fecbe 2718ece7bf13f5fc83b9c3d07ddeafc7774d1739b7b24ced920503b65c35f3a8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/onlyplay.1c7a3c455.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-6ad"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5123
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac469bd3b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spinmatic.f74cf69af.svg | 154.197.121.128 | 200 OK | 9.9 kB |
URL GET HTTP/2 1win-cdn.com/img/spinmatic.f74cf69af.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash d26c60aebdca310a6a3fbbdab637f744 af99d9a70a6f86084a97a16d9eddaed2f57f9f33 610eae7a8acef4eca3fea8aa66b78130454095ffdf524b7e3e1a9695ed56b1e1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/spinmatic.f74cf69af.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-86d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac475cb2b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&_s=2&tfd=8721 | 216.239.32.36 | | 0 B |
URL region1.analytics.google.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&_s=2&tfd=8721 IP 216.239.32.36:0
Certificate Issuer Google Trust Services LLC Subject *.google-analytics.com Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je4580v894728184z8894400803za200&_p=1715320447166&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=358743955.1715320449&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&dp=%2Fcasino%2Flist&sid=1715320448&sct=1&seg=0&dl=https%3A%2F%2F1wynyj.win%2Fcasino%2Flist%3Fopen%3Dregister%26%26&dt=1win&_s=2&tfd=8721 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 298
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1wynyj.win
date: Fri, 10 May 2024 05:54:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1win-cdn.com/img/oryx.ddc50c514.svg | 154.197.121.128 | | 7.9 kB |
URL 1win-cdn.com/img/oryx.ddc50c514.svg IP 154.197.121.128:0 ASN #328608 Africa-on-Cloud-AS
File type gzip compressed data, from Unix Hash ee29e341055733e4d55df26d9c5f78c2 925d988fe45e703827cc70cc85c5606da10252f7 95ced4890c4c50841398a3ab5f8428bbfed0d00886116aaef85cf26e164b570c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/oryx.ddc50c514.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-557"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac469bd7b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png | 104.21.75.209 | | 230 kB |
URL static-adm.1win-cdn.com/banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png IP 104.21.75.209:0
File type PNG image data, 1508 x 488, 8-bit colormap, non-interlaced Size 230 kB (230270 bytes) Hash c45a5f023592d6b869a1a41216399dc9 280d32d02ad142bfaa08ae0bdf4e7812d2336b9e eb3288d5ba136f10c1e3ecd675b8201eed039099f751b3df152781cdffd78aeb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /banner-files/JLftVVw1t0_EwybR7D7jcrvlyHh-frCp7wv7hA9MW7TXgazEy_9-I20U4ydlNhKnhDyIqrXqYPcm9wWmxxgC42pAhEQrtuGxMDuN.png HTTP/1.1
Host: static-adm.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:26 GMT
content-type: image/png
content-length: 230270
last-modified: Tue, 13 Feb 2024 22:31:26 GMT
etag: "65cbedbe-3837e"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4XWF0%2FJzOuFot71M%2BI9e2iwsnUNet4fZMdhkZgPo5%2B1TAYE87ai85ZktORRsqpNQknV3oeOPPYGa2QiWlT1%2BCJFd%2FbptyCP34ayiVOVhmAgxSUoe8NaiYX4kQhmGVozWTGqd3sV5d5yhSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817acb39a35b503-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/ezugi.a9c66babd.svg | 154.197.121.128 | 200 OK | 10 kB |
URL GET HTTP/2 1win-cdn.com/img/ezugi.a9c66babd.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type gzip compressed data, from Unix Hash 723f2ba9e3bc092bf55404312d529be0 4d003942db254768a38ced62c9817cb909fc5949 03598c63a325fb96b92d0d11312865c8459a597d62fc49e3c5cff486a5707995
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/ezugi.a9c66babd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-59f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45cb0bb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win.direct/v4/socket.io/?Language=en&xorigin=1wynyj.win&EIO=4&transport=websocket | 134.122.54.186 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.1 1win.direct/v4/socket.io/?Language=en&xorigin=1wynyj.win&EIO=4&transport=websocket IP 134.122.54.186:443 ASN #14061 DIGITALOCEAN-ASN
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Let's Encrypt Subject *.1win.direct Fingerprint 52:A8:ED:F5:F8:3D:CF:F0:55:C1:2A:96:EA:32:49:27:6C:D8:26:27 Validity Sun, 17 Mar 2024 06:46:18 GMT - Sat, 15 Jun 2024 06:46:17 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v4/socket.io/?Language=en&xorigin=1wynyj.win&EIO=4&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wynyj.win
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uTS2e7qbv1xCKtOVAnLuxg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: Tpf7fQQGCbXHokPx1fhBsC9bVTE=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=330f49262b88293c; Path=/; HttpOnly
Upgrade: websocket
|
|
| 1win-cdn.com/js/57652.297e4ecc2.js | 154.197.121.128 | 200 OK | 647 B |
URL GET HTTP/2 1win-cdn.com/js/57652.297e4ecc2.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type troff or preprocessor input, ASCII text, with very long lines (667), with no line terminators Hash 53d580c5f29a2a838b6595fa6ff0f0a3 ab60adb7207a806d271778effe677ed01dc144b0 d09039f573818646e722fef48f6f9d999dc7382548877a5699e9b45be29ec6dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/57652.297e4ecc2.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-287"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 825281
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3ce867b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/0ba3209c-cc88-4939-8825-8169ef474010.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 77223
cache-control: public, max-age=31536000
content-disposition: inline; filename="0ba3209c-cc88-4939-8825-8169ef474010.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MjhiZjVkLTIwNzNlIg"
x-request-id: L8Y0eiEcqAl7cqfXO8W4e
cf-cache-status: HIT
age: 218917
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hL47W0eR3Jlxz%2F5MzCeZFY0HtwKC9mhEAqccG87ghWjC4L0jeSuAkZjQK7dLPjx2ONc52JtueIwrD7gaXQUZ1kT3V4a2o8A2JtCcAsrN0%2Fr%2BicudhIGsD4%2BgrwQHFr3RLStefkqmW8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158d456cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/silverback.297288e25.svg | 154.197.121.128 | 200 OK | 42 kB |
URL GET HTTP/2 1win-cdn.com/img/silverback.297288e25.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 2910b9f6ba7f900a0246432d2777b217 86b09b58a3eb69c70f175e577cfefd4efe1dfa0c b5274849cf17745568ee5854a736f1ca11cf874511dc6554884c6083155fdde2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/silverback.297288e25.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-a2dd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac473c8bb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@png IP 0.0.0.0:0
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/e72d3aa7-8742-414d-bf8e-4cc530caa4bc.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/css/21758.dae54c10d.css | 154.197.121.128 | 200 OK | 31 kB |
URL GET HTTP/2 1win-cdn.com/css/21758.dae54c10d.css IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type ASCII text, with very long lines (31262) Hash 042184ca7fa3adf2a29c3de64253e215 321e3142ce096f24515bf9c5699fda45dcc5e76c 672247ee69b11db439dc0db48c1b8115542d13a4c9c2f23af0a0433b453adc7a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/21758.dae54c10d.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: text/css
last-modified: Mon, 06 May 2024 12:32:27 GMT
etag: W/"6638cddb-7a1f"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 320848
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac36e8d8b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/css/70244.c404f84dd.css | 154.197.121.128 | 200 OK | 28 kB |
URL GET HTTP/2 1win-cdn.com/css/70244.c404f84dd.css IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type ASCII text, with very long lines (28379) Hash fc695b12d4bb582f74b3a2daab88836f 8749b1ae087c71c07974b71b279c8b4b1710fe1a 1bf6032c87e0c13ed67319128a0ad036bd111e7c1e98336d36eabf7330e7fbd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/70244.c404f84dd.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 14:14:56 GMT
etag: W/"66212ae0-6edc"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 816514
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b6e9db50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/7e183855-0a8d-4323-a363-208600e16b4e.jpeg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 71786
cache-control: public, max-age=31536000
content-disposition: inline; filename="7e183855-0a8d-4323-a363-208600e16b4e.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MWZiZjk0LTFjZGM1Ig"
x-request-id: GP3MXzRo03NoG3nuJVmsE
cf-cache-status: HIT
age: 214313
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FFKlabFzcgV52k%2FRzKepf8c5TG0Zug7UMn7R3TSEhGrhefx0YpOX4QZIfMrDMgyVph0O7qiCyrF9HJoTxBlGDwjIrD3xVi44N4ZTvOBzHIsfVfqWtPjuQSNzfYt7VcQyMEuo1MWLaCM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158d956cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@png IP 0.0.0.0:0
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/62330210-340e-4ed3-aca6-640fe741a193.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 59dc0c8364af19cbd9df286058166da0 6f22523fccc24ee83f3550fb44793ceb5d63f2d1 19a74f92ccef157bba0aa43a0bdff5acf8b03c65924edca4c1676b80ab7dbb5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/softswiss/b66d7a82-7e0e-4461-815f-03c4e37367bc.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7728
cache-control: public, max-age=31536000
content-disposition: inline; filename="b66d7a82-7e0e-4461-815f-03c4e37367bc.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1OTdmMTNkLTVjMzk3Ig"
x-request-id: TAyAh0LE9QJc2T-Jgxivc
cf-cache-status: HIT
age: 217265
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSFP1MyaS7sBbt3nfbqDnnTOBTj4gOBlkA5k8jnWiGCJ5q9SYILO%2BZ7rbrJVN6axQwh2eJ%2FTcx0P10jUp16K8fqWQtEp5g8wfAf8HGuvL3MqxjU%2F%2BbNoYyruGYGpSsc4vvmZhndvDr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43bffa56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/86359.48c462178.js | 154.197.121.128 | 200 OK | 634 B |
URL GET HTTP/2 1win-cdn.com/js/86359.48c462178.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type troff or preprocessor input, ASCII text, with very long lines (654), with no line terminators Hash 33a83c5ac34b557d3037a52c8dead1fe 6bd3202d3720d8c86a84a63f1975b5d53d044ef9 7eb34e53490cdfe14b7d40ae44b2bf4e92d10e204114c1bf5352f6a66c587b8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/86359.48c462178.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-27a"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 811669
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3c0f5eb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/upgaming.242b9e921.svg | 154.197.121.128 | 200 OK | 4.8 kB |
URL GET HTTP/2 1win-cdn.com/img/upgaming.242b9e921.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash aeb4cc1caa82c4f55b3598ea0c7003fd 8c1eec585578ba1c3803b2d6b724d67cb8e3de25 236f3b8b8aad7f6ad5e23aa1eaf555fb7420d9dd6eb1df70e7957b1707554982
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/upgaming.242b9e921.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-129c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2519
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac47cd42b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/elbet.701d0b0cd.svg | 154.197.121.128 | 200 OK | 11 kB |
URL GET HTTP/2 1win-cdn.com/img/elbet.701d0b0cd.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash bd34c45017a4b3fe3d0813abbe16f113 2177a96200b95aa21ece71bfcbeadd200904c279 2ac83316161088868fcb56ac9812110d94b73567efab5e25b7387089d1ba7624
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/elbet.701d0b0cd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2a4d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45baecb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1x2gaming.00302c7de.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/2 1win-cdn.com/img/1x2gaming.00302c7de.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 113eb6d7137f5f70e8e824f5487e85bd 3d4d5852693e551b81b3d8106608e11bdb3a5080 72f4e464420bdd29f86767f770246a82e37d7d54e601f3f460fdcaf351339a0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/1x2gaming.00302c7de.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-9fb"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2496
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac44fa2eb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pg%20soft.fdb9d6567.svg | 154.197.121.128 | 200 OK | 1.4 kB |
URL GET HTTP/21win-cdn.com/img/pg%20soft.fdb9d6567.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash71eb5806fcdd473839d2654d03c3fd5e 76a63507f2c2a26ffc343182aaa5d3278197ab88 dcf4ddaaf54ac6541b02df2c9198fe4743b219ec65ec8caa67b999e6a07335dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/pg%20soft.fdb9d6567.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1916
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac469be2b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/33700.8f8589382.js | 154.197.121.128 | 200 OK | 992 B |
URL GET HTTP/21win-cdn.com/js/33700.8f8589382.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1010), with no line terminators Hash7a56ca20c70147de869fb6f869c24757 8ba632a6c326ca6152d0c51a202527013eeb42f4 543572cbc25b63dbaf723d527cdb47a50c56655698f3eae1708b30e881429640
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/33700.8f8589382.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-3e0"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 821977
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3eda62b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif | 188.114.96.1 | 200 OK | 7.9 kB |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif IP188.114.96.1:443
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashc8ebe3b26cc5a8d527f6e58ad7838b6c ede563719eaf4ec059895d4c8990c056b454ffdf 6520662873d7e8737cbf258e9c064b97b7580db5043f8d73316a499995e5a12c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7885
cache-control: public, max-age=31536000
content-disposition: inline; filename="bd0fa37c-d05c-4bf6-bc4d-6eae06bc2b8e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjBkMjliLTFkZTdjIg"
x-request-id: EREUHuy-6Z58arIgwk4Fm
cf-cache-status: HIT
age: 217265
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=enoA2o%2B4Bh7TLuS9ICTPXgKc%2BkE1ZXLiIXNtDWQpxvpsq4MT9Oe%2BZT2bIjkKQhWGwgiMHtRub%2BhHIlaDj0KL6Jc7F2RLRmc3WB24kVH5tPaUdUuzDYQsao7uHrycZzkcMAQ5UqlnG%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43bffd56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/cool%20games.019d15340.svg | 154.197.121.128 | 200 OK | 3.6 kB |
URL GET HTTP/21win-cdn.com/img/cool%20games.019d15340.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc3efa9849696becabebca718837f0827 96c9a9ae1bcc9e9b7ca05f52c14a1dc0cd986653 ee6d141e322862aa269184cbe47e86f7e8882b13966a905121857502eaa1a8fa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/cool%20games.019d15340.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-e13"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45aae2b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@png IP188.114.97.1:443
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/5972e0dd-d954-45b0-b608-3f3e3832a0a1.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 63064
cache-control: public, max-age=31536000
content-disposition: inline; filename="5972e0dd-d954-45b0-b608-3f3e3832a0a1.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MmI1Y2QyLWYwOTAi"
x-request-id: epTu3gM_JoQg1x4xWECOw
cf-cache-status: HIT
age: 214314
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrlFaO3p%2BPaIowS4HCiI6FPE1PMxA4XPYYu5qtHbQK%2FEvNiO51UrW9oU%2B14TD1TsQws2eguL8yFYXZD5LooEGIoTr043qeA6sOlnwQNGMVioUZBnN8oIkslilYiHec56mrFljxqqDsk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41a90c56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/fazi.19d7f4b72.svg | 154.197.121.128 | 200 OK | 645 B |
URL GET HTTP/21win-cdn.com/img/fazi.19d7f4b72.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hashc2948d97afb6d8e1cf8e7b50b62a9272 a1607553e252407e35addae9b48c1cedfeebd048 309347ec479f691cb02b9aaac9c06aea9cbefa075c591a35b0651e8928e64792
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fazi.19d7f4b72.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-285"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2493
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45db19b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/20420.30b3c996e.js | 154.197.121.128 | 200 OK | 573 B |
URL GET HTTP/21win-cdn.com/js/20420.30b3c996e.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (591), with no line terminators Hash41330d1d45db0c752d96abc28dbb0644 3e716caf3e130d706d19fff163b8fda8b91574eb fbcbcecc2dd56e59b3e7ae495a64eafdbee9d493cd3b86ba0ebe14f75e031dc0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/20420.30b3c996e.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-23d"
expires: Mon, 08 May 2034 05:54:08 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 825680
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac454a92b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/games%20inc.64fb099a0.svg | 154.197.121.128 | 200 OK | 695 B |
URL GET HTTP/21win-cdn.com/img/games%20inc.64fb099a0.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3d90ca2a78e19006ff1926510ed316d4 0becc591fcf773fa9e56396884dfd0f963a46e73 e7d7da9c1e3909de31009cba4f854e960403196039b489c7e42d4d6ad3acec0c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/games%20inc.64fb099a0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2b7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45db28b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/retrogames.bb592a878.svg | 154.197.121.128 | 200 OK | 7.3 kB |
URL GET HTTP/21win-cdn.com/img/retrogames.bb592a878.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash58c68473b3dd3ae2f45e31560e366dbf 577748dead61e9aff6756db3bade90442cde170f e4305fe1e258b0357e17b29825d8fcf96aa9e60f453118e4a69066eb2c955207
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/retrogames.bb592a878.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1cb4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6528
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac471c6eb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/revolver.25aaacada.svg | 154.197.121.128 | 200 OK | 3.9 kB |
URL GET HTTP/21win-cdn.com/img/revolver.25aaacada.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash49db2026a7b56b5525113dde1df88e5f 145eaf3e89aaa41bc641b6cfd321d900f74065d6 6f0a14e96df44350c7101bb3382f02983f1eb98fced9d4309cf99b2210a96adc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/revolver.25aaacada.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-f28"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac471c6fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/no.svg | 154.197.121.128 | 200 OK | 326 B |
URL GET HTTP/21win-cdn.com/img/flags/no.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash8b888b132836f9bf2c915bb3904c6dd3 e356289b851fdef19c9e0b2af31acbf95d77b0f8 da80fbdaeba2338f9ff3e93db2f1653c03c3dffa0cf376eed372edc98e308f0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/no.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-146"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6539
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac498f29b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/38209.ce0dbb534.js | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/21win-cdn.com/js/38209.ce0dbb534.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1359), with no line terminators Hash8cac0a300131504f4cdf9de98e24c2bc c76c49c15203750221970fefea15fe0352bb9978 a213d9451b50ae86bd8e75883092b22dedfcdc6ae2e26f5dd9c7de3d8957c16d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/38209.ce0dbb534.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-51f"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 812435
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3bff34b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/rubyplay.b4553f39e.svg | 154.197.121.128 | 200 OK | 7.6 kB |
URL GET HTTP/21win-cdn.com/img/rubyplay.b4553f39e.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash3858ea5c6be5319073b0453eac475c1b 72be49666df66401b531cfe9658ae2b64f897b0b fb96a6365440b705da9c72c59a869499f4872ed922243f9d248536974a860980
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rubyplay.b4553f39e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1d85"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1714
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3f2ad5b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/icons-pack-casino.fd47961dc.js | 154.197.121.128 | 200 OK | 91 kB |
URL GET HTTP/21win-cdn.com/js/icons-pack-casino.fd47961dc.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashcaf103b3719cd36e18dd18439deac2fe b2e498d23c374abbc8ccd46f2ca03cb2bb2f41a3 4b280d2612a827e6604aef233c91cfd79b359a47065c728a350d0646c5c8a68c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/icons-pack-casino.fd47961dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-164f9"
expires: Mon, 08 May 2034 05:54:08 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 822373
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4489a8b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/42672.1d05742a3.js | 154.197.121.128 | 200 OK | 884 B |
URL GET HTTP/21win-cdn.com/js/42672.1d05742a3.js IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (910), with no line terminators Hash84e9ef241ba6d064f080cf809baa8f8b aa88381b3389d9ac5129099cac848b9068c5841f 0ee1a9bf53639249a9ff2b09acb4903f1bd7d4318e25612c0c88b1389af9125f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/42672.1d05742a3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-374"
expires: Mon, 08 May 2034 05:54:09 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 812435
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac499f2fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@png IP0.0.0.0:0
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/dbc5db56-b061-4362-ae84-ed051b568d0b.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/netent.95417a961.svg | 154.197.121.128 | 200 OK | 1.0 kB |
URL GET HTTP/21win-cdn.com/img/netent.95417a961.svg IP154.197.121.128:443 ASN#328608 Africa-on-Cloud-AS
Requested byhttps://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 CertificateIssuerGoogle Trust Services LLC Subject1win-cdn.com Fingerprint4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A ValidityFri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File typeSVG Scalable Vector Graphics image Hash24c2a93da817e20deb8796b20655510d e0e0acc2a55fd9623907272dac8f96c8f30360c6 01707112895fbab90532a0afbe23c9ec0402c8f73656fb87e74eca54550a5bcf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/netent.95417a961.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3f7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2931
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac461b65b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/yggdrasil.a6bc350dc.svg | 154.197.121.128 | 200 OK | 5.8 kB |
URL GET HTTP/2 1win-cdn.com/img/yggdrasil.a6bc350dc.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 1156d7b0c16ee989276ab38995b5e316 2efca22c943534eec487d1441efc9c1280c0ce62 05a95300234033b2ad7ffbf88873540ae90bfb3b849dc207666d8deed966d24d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/yggdrasil.a6bc350dc.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1697"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac47ed84b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 | 154.197.121.128 | 200 OK | 17 kB |
URL GET HTTP/2 1win-cdn.com/common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/banners/all-v2?lang=en&type=desktop&bannersType=casino&localeId=1 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wynyj.win
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
etag: W/"6edf-7tGSFEctCOHdjvobeAZXVyfzDLY"
vary: Origin
expires: Fri, 10 May 2024 05:54:07 GMT
cache-control: max-age=0
x-frame-options: DENY
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=sIDxSY_dPY7INe1_ojj9xs8yK.gMLh6ocy5dACf4E58-1715320447-1.0.1.1-c_7E6nPYCuVp0G2cGNUOYhICjPzBYRXypVwA1HPqjcFdv80D2aWADCzKTRRRborvFMsc8x9OrsL6RLsGtyxpTw; path=/; expires=Fri, 10-May-24 06:24:07 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8817ac3d389e56b5-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/salsa.8d18d113d.svg | 154.197.121.128 | 200 OK | 4.5 kB |
URL GET HTTP/2 1win-cdn.com/img/salsa.8d18d113d.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 8ddc56d0a9c2b1ae996c3521eddfae36 db430c81bcb0d7090c4067b858c8d48f0ba5d320 08bcd575204796b49e6590b14d0aef61c53647132f039606f45957b971c37844
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/salsa.8d18d113d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-1187"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac472c80b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1wynyj.win/common/title?path=casino&lang=en | 190.115.24.78 | 200 OK | 29 B |
URL GET HTTP/2 1wynyj.win/common/title?path=casino&lang=en IP 190.115.24.78:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Let's Encrypt Subject 1wynyj.win Fingerprint 12:B7:EA:0A:E2:24:95:AF:85:D7:64:33:58:EF:12:5E:A5:28:0A:F9 Validity Thu, 09 May 2024 13:55:07 GMT - Wed, 07 Aug 2024 13:55:06 GMT
File type troff or preprocessor input, ASCII text, with no line terminators Hash 55d138477f5d21b2864ed51b2aa3b446 f493c01dcf90c45f2334b9ca47839ce0a014222b 456ce42d8f0a396a6549e0fc1e00649162a0391884d40a887f013a53f681f37b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /common/title?path=casino&lang=en HTTP/1.1
Host: 1wynyj.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/casino/list?open=register&&
Cookie: __ddg1_=QZbdj0c7aMV9HECrE99B; sub_ids=sub1=&sub2=9191; visit_domain=1wynyj.win; core-sticky=http://10.233.72.61:80; 1w_lang=en; 1w_locale=1; AMP_494cccfe21=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI1ZDVkZWEyMC00ZjY5LTQ0OTktOGU5MC1kM2E0Yjc2MjIzNTElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE1MzIwNDQ2Nzg2JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNTMyMDQ0NjgyMSUyQyUyMmxhc3RFdmVudElkJTIyJTNBMCU3RA==; AMP_MKTG_494cccfe21=JTdCJTdE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: ddos-guard
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=300
etag: W/"25-bM/5z02X/xOkKbh8eZCiJpcKcd0"
vary: Origin, Accept-Encoding
x-frame-options: ALLOW-FROM ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan, ALLOW-FROM 1win-partner.com ww.1win.run 1win.run www.1win.work 1win.work www.1w.run 1w.run www.1wip.best 1wip.best www.1wint.run 1wint.run www.1winr.run 1winr.run www.1wind.run 1wind.run www.1wins.run 1wins.run www.1w.fan 1w.fan www.1win.team 1win.team www.1win.partners 1win.partners 1wip.best www.1wip.best 1wint.run www.1wint.run 1winr.run www.1winr.run 1wind.run www.1wind.run 1wins.run www.1wins.run 1w.fan www.1w.fan
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 204 kB |
URL GET HTTP/3 www.googletagmanager.com/gtag/destination?id=DC-12688802&l=dataLayer&cx=c IP 142.250.74.168:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject *.google-analytics.com Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (1822) Size 204 kB (204153 bytes) Hash ba63dc94f1a05c899466c84d8d4d921f dc975254ec6b4804c5815974dc10ddf5dd189848 023c85c196d6fa008b42903af1684d82c3668b9a228866bf8eaab9cd297a8464
GET /gtag/destination?id=DC-12688802&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 05:54:08 GMT
expires: Fri, 10 May 2024 05:54:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 10 May 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74061
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@png IP 0.0.0.0:0
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/5771c41a-5bb6-4ced-8f5d-a93b7be3163b.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/bombay%20live.ab678ab94.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/2 1win-cdn.com/img/bombay%20live.ab678ab94.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 291aed0c4eee33d7354cb7440283934c ed96adcc70c1f20adad6a9b7a4fa494c45a0d66e e74a67564e0b43deb9d4a6cf97c232567d7dc8111c457c32360d695c21692291
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/bombay%20live.ab678ab94.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5b4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac456aafb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gameart.7beff0d18.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/2 1win-cdn.com/img/gameart.7beff0d18.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 0316280cc350cb02b448e29142cbc493 16182a01de1fe9f3918bdfff51002844776c1b08 be85aab3a3bd01ae6471157366d278a01d650882cccaa670c8d5472eda92a073
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/gameart.7beff0d18.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-a30"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45db1fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/ada717cd-e63b-40b2-adbf-c1009964d6f0.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 68585
cache-control: public, max-age=31536000
content-disposition: inline; filename="ada717cd-e63b-40b2-adbf-c1009964d6f0.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY2MWNlZTJkLTZiYjFhIg"
x-request-id: lpiw6FoYseqVjFN4ho_8-
cf-cache-status: HIT
age: 208900
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0heiaG1psozfo64xsfiGOReQCOgLYT%2FH%2BzKRP1Dw60DnM1hLCtTy%2FX%2FevYhNunpOPAMvcZxrbKJEwhXU9HXRun07Irng7zNITzDXNUaBkz9Saj%2FsD0EPXEMMyRlRisEOTnUGvK5kxY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158d056cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/fundist/aac4d623-5134-4bf1-9cb3-49c6a8128b9b.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 79167
cache-control: public, max-age=31536000
content-disposition: inline; filename="aac4d623-5134-4bf1-9cb3-49c6a8128b9b.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1ODJmMDE3LTFlMzU4Ig"
x-request-id: 2fo8UEBK1J6HocAlsCgRu
cf-cache-status: HIT
age: 138486
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqpBzE7YhZU7I44XfSlOXrzLS%2BKym9zW%2BbQivUC2HwVqN5cxW3ySOiCPZKzquoKw1gm5ITJzirvY%2B5jhCTTmHpoYD0lj%2FuqDgACaa0xDNsFy7dqE%2FXdhaEQc0J%2BDDPpRYMLzkJS0lUs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac42296356cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif | 188.114.96.1 | 200 OK | 8.8 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash aaef155f89410ff2275a6c3602b9ab23 4ab672c0f009b1222e5ff53a2118256502d7f432 13e111aa3ac846bfe4f9a4354c58d2166676b0f4c5f46e7b789db866a4772f5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/43097ed5-2830-494a-b011-fe3f59895a87.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8780
cache-control: public, max-age=31536000
content-disposition: inline; filename="43097ed5-2830-494a-b011-fe3f59895a87.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0OWU5Nzc1LTMxOTNlIg"
x-request-id: gfch12uZh1lGXkDehnA9j
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbmhGc%2Fo%2BU4RPJLlPwXx42FNoCWdaWZlmBizZH6wmfSUvPypuiW6EAbtKcC%2FWItDcPhawu09AoN9ap1lCTs7Dipp%2FRck9g9Pb6Ncy1Kom8yhiMIWrD%2F5RzelUXTBoD1jX9ceHEdMgqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac436faa56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/igrosoft.69f8e3ca4.svg | 154.197.121.128 | 200 OK | 1.3 kB |
URL GET HTTP/2 1win-cdn.com/img/igrosoft.69f8e3ca4.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash c193a82075a3318b6b01f6652548e025 008409af9a242969c8c0205fc8052d17b61410b3 71151a1f7c348dc26ab089351320dfd6cf0ccfe3c0019c475e0917c0f9b353f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/igrosoft.69f8e3ca4.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-500"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45eb3ab50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/500_i18_img.22f56ee2b-1508.png | 0.0.0.0 | | 0 B |
URL GET 1win-cdn.com/img/500_i18_img.22f56ee2b-1508.png IP 0.0.0.0:0
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/500_i18_img.22f56ee2b-1508.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/hacksaw.5f0e80ecd.svg | 154.197.121.128 | 200 OK | 841 B |
URL GET HTTP/2 1win-cdn.com/img/hacksaw.5f0e80ecd.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 3371207f99abc98b9fb8ae8e13877c7c 82efe0611bab5262b245fbc98522a20bb2fc6529 ca3477693ffb8842144691591c6344d96dd368cb41b51aaf5e9e40ece7338831
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/hacksaw.5f0e80ecd.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-349"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6527
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41feecb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@png | 0.0.0.0 | | 0 B |
URL GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@png IP 0.0.0.0:0
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/bfgames/669e5916-bed1-42b2-87c5-47099f065894.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/elk.c0f58697d.svg | 154.197.121.128 | 200 OK | 983 B |
URL GET HTTP/2 1win-cdn.com/img/elk.c0f58697d.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 58995520e7430cd69b54d08c244aacc1 3db7918420563842879038fd5b4ba2050458ddeb 5110cb34328fe32430f0ef1a8a85709a1245aa2df8d876656a6dd74c8ed5accb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/elk.c0f58697d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3d7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45cafdb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/flags/en.svg | 154.197.121.128 | 200 OK | 2.2 kB |
URL GET HTTP/2 1win-cdn.com/img/flags/en.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 79e4258317717cae7d54221d403e28d4 85a14a9c6aa03cf4c9ec9e942a06e5987cb61d0a 0b0d98ecb898886bc24f0a6859a7a76034f960374c9914370e69d3ac7467a697
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-8ae"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2543
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3c8809b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/lucky-jet.f927485da.svg | 154.197.121.128 | 200 OK | 4.0 kB |
URL GET HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 46387a9ff4a17ec246107df243120bfb f662dcb3e5629d8b9dcd169f73e31f95309bda40 b3cffaeaa51fa3689ab70d930776d565a90ab7caaaace2f1cac5f67cfc13205f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-f8d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 1715
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3cd84fb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif | 188.114.96.1 | 200 OK | 7.7 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 2575d269a08f870a79f69eda71b93d5c 0423437f25eacb10ab31baa05a81f5fc8eb9496d 4768d4250c6b267c70448e8153b36a1d1e25f7c84d4544c27d13852422b51dd6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/e616b239-a47e-43b9-a050-50c3662fbce4.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7678
cache-control: public, max-age=31536000
content-disposition: inline; filename="e616b239-a47e-43b9-a050-50c3662fbce4.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1YjhlMTg3LTZkMmQyIg"
x-request-id: FJeRjt-nls386FlQtw3Lz
cf-cache-status: HIT
age: 221447
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FTC2ZP1%2F9G%2BtWr200Kl31cRyfwENRF9FE%2FIKbKSwgl93%2FF5Rzwv28yWcOzX6w%2BprxtC119qYZ%2FU1sfH6UszXOm%2BcnM7LwjfYnyzuPGlWJWbjJc5Kn00GoM0O8yfDLp9jMX%2BFMLk596g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac436fa856ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/atmosfera.32402e33f.svg | 154.197.121.128 | 200 OK | 9.0 kB |
URL GET HTTP/2 1win-cdn.com/img/atmosfera.32402e33f.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 3ba4610ae40c2d70390afaa7cba36721 01eeff20113a096675d71c018a7f109c8e53da28 815ee6469c0e9ab67b094e7e529109be7cd887973cfa0d784ac1638e9e5b5637
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/atmosfera.32402e33f.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-230d"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6527
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac451a42b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/skywind.9cd4f870b.svg | 154.197.121.128 | 200 OK | 1.5 kB |
URL GET HTTP/2 1win-cdn.com/img/skywind.9cd4f870b.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 6133bd0ec680372c4b1478cca75bd999 852e07d884235f5b480657590f2cba1ce4d53d7f 6e09ca60ae8119229bdebf17f96b69ea481296cf4da7dbd9c2d27ee8111d30f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/skywind.9cd4f870b.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-5e3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5123
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac474c97b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/pwa_android_en.b229a444a-690.png | 154.197.121.128 | 200 OK | 33 kB |
URL GET HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type PNG image data, 690 x 450, 8-bit colormap, non-interlaced Hash 43e03a24e305838eac0629c5cbf85550 85c71568d1008a17b928ac548987911daf187020 368a53c990be07280c5f3d3a726f0365f24befd9da404e98c139d88d8b5bf10b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: image/png
content-length: 33278
cf-bgj: imgq:100,h2pri
cf-polished: origSize=37637
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
etag: "663bfc40-9305"
last-modified: Wed, 08 May 2024 22:27:12 GMT
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:07 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3d2893b50f-OSL
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/infingames/f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 76973
cache-control: public, max-age=31536000
content-disposition: inline; filename="f6079dcf-04df-4bfd-bb7c-8d454bdcb21b.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY0MDA5N2I1LTNiNjcxIg"
x-request-id: PFYeM0AS5_R5yxQtX2B_s
cf-cache-status: HIT
age: 134749
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vgGT8rH5zs9VXT%2FsG9g67TDbXo6FkNaL%2BsRl0PLYqblObc68VVGLkQ0Mh%2BinBJEJTlmbEGWZMhzwddy4BXMwvGBE2uzbNrUDqqZYrmEWSuy%2Fr3UdTHJct6yTCpOUBqEp3soUskOvOtA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac41a90e56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif | 188.114.96.1 | 200 OK | 7.6 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash 69e833418f266350c9733c499c60719d a32e6447c9fad953e53c6ecbafb842d6808a3a3a 089d20430d098cd7159674f9a6e712b1be0d02edf74da7f9b74108688bf85837
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/3a74cb93-c140-47e2-b2a7-6c79fe6141a1.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 7585
cache-control: public, max-age=31536000
content-disposition: inline; filename="3a74cb93-c140-47e2-b2a7-6c79fe6141a1.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NjVkMmJmLTJkMWQxIg"
x-request-id: llrRyoBvhTUqcwwtGB9xo
cf-cache-status: HIT
age: 212359
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UEaMoQM%2FqrKMfwRfVbIv3vL4HJdtLu95QM%2F3hSTsynFellb5DqfxOhF2yFE5IOB1NyDY9C2xSpLqxGtmiMiKZJxhcYryBS9qCWWpxMEWkQEeZVozbI5dmVnsff8WrzKqjYWjJq6zsJQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac437fab56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg | 154.197.121.128 | 200 OK | 5.2 kB |
URL GET HTTP/2 1win-cdn.com/img/electric%20elephant%20.dd56c804d.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash ee4b076249d3d52c42ca2f59e03cae25 d072a4002835fbd0279757a42bed97a398e7adf7 9eeb2fb4664558d20a84cd82fb347d73ef91975eb4a5c5ee274b16f3ebd9c495
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/electric%20elephant%20.dd56c804d.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-143b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 562
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45baf6b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=358743955.1715320449&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1928505612 | 142.250.74.163 | 200 OK | 42 B |
URL GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=358743955.1715320449&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1928505612 IP 142.250.74.163:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject *.google.no Fingerprint 7D:68:6D:B1:32:34:52:51:20:C9:53:FF:B9:B7:8F:7E:05:F9:F5:97 Validity Tue, 16 Apr 2024 04:31:00 GMT - Tue, 09 Jul 2024 04:30:59 GMT
File type GIF image data, version 89a, 1 x 1 Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-548949LWLW&cid=358743955.1715320449&gtm=45je4580v894728184z8894400803za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1928505612 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 10 May 2024 05:54:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/21758.b3eaa9414.js | 154.197.121.128 | 200 OK | 415 kB |
URL GET HTTP/2 1win-cdn.com/js/21758.b3eaa9414.js IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size 415 kB (415100 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/21758.b3eaa9414.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-6557c"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 112936
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac36e8dbb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png | 188.114.97.1 | 200 OK | 0 B |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png IP 188.114.97.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/endorphina/16b695c0-a55e-4b62-a358-7f28a054f5c3.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 62237
cache-control: public, max-age=31536000
content-disposition: inline; filename="16b695c0-a55e-4b62-a358-7f28a054f5c3.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1NmY0YzBmLTViZWY2Ig"
x-request-id: bCfaZF6a-bmB2Xw_gOv4O
cf-cache-status: HIT
age: 208837
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJseYn1Sw0RLF0Nfn1d8JlPnlkWuItQ9wM24Uy6oLx40IVXwOQahy2gzJuraVk86UFgrKpJxfuUVcgjkkus7trS641P4hRvqNFdcLImUgb3b06ZmURwWrycuBXNK1PCDk%2BeeMiSyAbY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158d256cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/evoplay.cfa676ca9.svg | 154.197.121.128 | 200 OK | 2.6 kB |
URL GET HTTP/2 1win-cdn.com/img/evoplay.cfa676ca9.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 7b4d8b1998ceae4f1e4defe0e5b322a9 b60d4fa2033a28349d7920647907368835ab514d ba06d2a9476e9302fb1576b656f6c522ada52d31d30e9461649e874207ca18bb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/evoplay.cfa676ca9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-a24"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5122
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45cb09b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/gamebeat.5649e97f9.svg | 154.197.121.128 | 200 OK | 1.1 kB |
URL GET HTTP/2 1win-cdn.com/img/gamebeat.5649e97f9.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash f47237dc478a7b0d1ed4d2687cc13396 66ce5afa1722b78b22858e1ae057290f36a13c81 af0e90737145635ae2a9807d550dfc2bd2746cbc50f74b828a3aa4c0e9a8ca19
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/gamebeat.5649e97f9.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-472"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5122
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac45db25b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif | 188.114.96.1 | 200 OK | 3.3 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash b521bef6762ffadc98bae1073bc51102 d954bae917b2dbe88dd99f4861378026617c0051 5ea36ff6bcb73fe3cb477b259728a597be8b170546984eb824ec3582d1c6e207
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/infingames/6c924d76-6964-4196-b545-1cc5c1ce019e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 3320
cache-control: public, max-age=31536000
content-disposition: inline; filename="6c924d76-6964-4196-b545-1cc5c1ce019e.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1NTIwNWFmLTEwNzYxIg"
x-request-id: xOqcr0pspglCrlGtEnLgs
cf-cache-status: HIT
age: 213319
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvRfMTD8ujrC5BevRYimTHYVc6ODfxGJXB%2Bi%2FDN%2FQPtFLFE7KHug%2FX%2B%2BoPGK30SvckvgxlHAC3bF7GLghrPOq3KiLnjJX7i0CRqLH%2F6pbCZGsBse%2Bz8jcgSa75iovTvjBTgth9fJ6Uo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac434f7456ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg | 154.197.121.128 | 200 OK | 5.6 kB |
URL GET HTTP/2 1win-cdn.com/img/big%20time%20gaming.e2bd46001.svg IP 154.197.121.128:443 ASN #328608 Africa-on-Cloud-AS
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type SVG Scalable Vector Graphics image Hash 736482b909f3d90f4b87845b06343f95 05501f25bbd97642449a87b6113fbb3a2cf36f41 68f08269f37245370fb3122fa2c76f755644e1a9cce3e1abb1cda283aff2de62
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/big%20time%20gaming.e2bd46001.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-15e9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 2494
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac455aa2b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif | 188.114.96.1 | 200 OK | 8.9 kB |
URL GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif IP 188.114.96.1:443
Requested by https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191 Certificate Issuer Google Trust Services LLC Subject 1win-cdn.com Fingerprint 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A Validity Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash cebc85480bbad513494cd33e7f631c54 c9eb1638c917111370d3a6f34fffe3c044cd93ba 9e9294be36b0de37fe3747da3b0e8c1c3416c04dba0ee6ed2609f91437f0692d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/fundist/191d39df-ec9d-4ea9-8900-dc97c6fc815f.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/avif
content-length: 8884
cache-control: public, max-age=31536000
content-disposition: inline; filename="191d39df-ec9d-4ea9-8900-dc97c6fc815f.avif"
content-security-policy: script-src 'none'
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY1Nzk4ZWM0LTFlNmJlIg"
x-request-id: 7HO2phq6-XPHr_5oSB8Ho
cf-cache-status: HIT
age: 211732
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XZcNe1MmXtZbMM%2ByKeagUXO2OV2ndY4P2YrCWfDXDdl9KoiCtOz7UtcB42Ywr7ftvq%2B0HsF6Jr8SB6nbwiMisTcHXvulkQtF39y8YOD%2BPituXh6lmxJWU7M7wdlBAD39rdH%2F0XAjYYM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac43e83d56ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/platipus.dd3b50ce6.svg | 154.197.121.128 | 200 OK | 3.7 kB |
URL: GET HTTP/2 1win-cdn.com/img/platipus.dd3b50ce6.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: 47208726d4dd191a03af9229fc538eb2 0ef7c3f6b3788794db7709213ecaee1b7558a5c2 b27442adef75a0afbde2ad9cacddd4d871e0a302390e6e860c59d627013b32f2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/platipus.dd3b50ce6.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-e84"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac46abeab50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg | 154.197.121.128 | 200 OK | 3.8 kB |
URL: GET HTTP/2 1win-cdn.com/img/spadegaming.8dc1e9a8e.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: 747a1c4577c4f0216b3c2312e11b1950 c38313a9fb030d29f16ed7bbc1dab939a874aff5 e6e69bc9af907311e8e0d47d368dc74a985349748dc05803b4717e4aa8a3f6c1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/spadegaming.8dc1e9a8e.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-edd"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac475caab50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/1win%20games.9b8574150.svg | 154.197.121.128 | 200 OK | 1.6 kB |
URL: GET HTTP/2 1win-cdn.com/img/1win%20games.9b8574150.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: 50dad4fc2924bcfbb1745e9351fc32bd e71c68d2d20f197e3d4645e4d791436496b4528d 98974ebbc36d921b989f19beb197990dec088ab52912315b8a7854f4a8a871a2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/1win%20games.9b8574150.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-643"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 5122
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac44ea27b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@png
IP: 0.0.0.0:0
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/relax/f9d339fd-0dd6-4b11-adf4-5f5c540fe36a.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@png | 0.0.0.0 | | 0 B |
URL: GET imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@png
IP: 0.0.0.0:0
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/softswiss/ce984aa3-1980-464a-a49f-9d1c7c928a57.png@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg | 154.197.121.128 | 200 OK | 672 B |
URL: GET HTTP/2 1win-cdn.com/img/amusnet%20interactive.428b45c71.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: dd800d25fd1fc6956949e43d9997d38d d2e3ced7d4ad91488dc8dde871b6651a01153f4a 8a010ef18c9d5777be9dbf363882bb9eadb3ded464fa63f0dd133e10a1bfef1b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/amusnet%20interactive.428b45c71.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-2a0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6527
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac450a40b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/reelplay.06dc7f4c0.svg | 154.197.121.128 | 200 OK | 25 kB |
URL: GET HTTP/2 1win-cdn.com/img/reelplay.06dc7f4c0.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: b322085b94eec118c20d5acba9ea8465 616f9440231bd629e6d2b6aea1d1baac51386151 542c8ac685d4bf37c20fe8c1b758db347c1300495f467ee0cf4d335239c42b26
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/reelplay.06dc7f4c0.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-60b9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 563
expires: Fri, 10 May 2024 09:54:09 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac471c69b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/index.65b27e7dc.js | 154.197.121.128 | 200 OK | 201 kB |
URL: GET HTTP/2 1win-cdn.com/js/index.65b27e7dc.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
Size: 201 kB (201358 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/index.65b27e7dc.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-3128e"
expires: Mon, 08 May 2034 05:54:06 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 112937
set-cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg; path=/; expires=Fri, 10-May-24 06:24:06 GMT; domain=.1win-cdn.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac34ee6bb50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/36775.678726ba1.js | 154.197.121.128 | 200 OK | 7.8 kB |
URL: GET HTTP/2 1win-cdn.com/js/36775.678726ba1.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (7992), with no line terminators
Hash: 3fc2add4778f17303b7475f7ad3db5f1 3bf9839bd0f907bd2a36a46a91800bbdb3b33a65 c999c9060eb1b531dc59b6cf64112acc0bcf286437c6bdc127a0a541956cc36d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/36775.678726ba1.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 12:32:26 GMT
etag: W/"6638cdda-1e4e"
expires: Mon, 08 May 2034 05:54:07 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 315166
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac3b4e85b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png | 188.114.97.1 | 200 OK | 76 kB |
URL: GET HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png
IP: 188.114.97.1:443
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: PNG image data, 419 x 314, 8-bit colormap, non-interlaced
Hash: 6a8ae44f377d41f5abd06e9c3a615f3f 2837f44bbdc8f815ef9bfedd26836d79391a3fac 48a3d51667d35db0a0e6a552e2b83fe5f90b9ba0ca51cb00f9dc24b5ce948d6f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /unsafe/casino_list_big_2x/plain/https://1win-cdn.com/casino-images/spinomenal/816dc231-c8b7-4ffb-bae9-d78caff7e923.jpg@png HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/png
content-length: 75885
cache-control: public, max-age=31536000
content-disposition: inline; filename="816dc231-c8b7-4ffb-bae9-d78caff7e923.png"
content-security-policy: script-src 'none'
etag: "YivgRLogmnYHS1cXPJjS1dpZXN4A7BZ3bWbLSqbfqjQ/RIjY1YjNhOTQ4LTI4YTY3Ig"
x-request-id: oAT7t5az95HxG8lyK6KjX
cf-cache-status: HIT
age: 220379
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVz22YQbqbFEdVOI2Xo4G02azJmoNPmSwip869po6vX9mqkmk5Hua5bAMl%2B68TCxQyVxrB8WqizGlXog6%2Bs2Np4K6CpxNTtac79bYDFgHMuUU7w9Z4Tkx5SjUrZGYU10%2B3asv3Vjs8M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac4158c956cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/img/boomerang.413a98511.svg | 154.197.121.128 | 200 OK | 36 kB |
URL: GET HTTP/2 1win-cdn.com/img/boomerang.413a98511.svg
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: SVG Scalable Vector Graphics image
Hash: d37b7a09c29c7e0179175433f4b9cff7 9c24e32b7e570cd294ee7400d7b6b96348a6a8f9 e9eaf42baf55a608a7663e6f63812bd1faf020d3d75d6c12ddec5ea4b945e53a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/boomerang.413a98511.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:08 GMT
content-type: image/svg+xml
last-modified: Wed, 08 May 2024 22:27:12 GMT
etag: W/"663bfc40-8c38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
cf-cache-status: HIT
age: 6527
expires: Fri, 10 May 2024 09:54:08 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac456ab3b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1win-cdn.com/js/9726.f171d96f4.js | 154.197.121.128 | 200 OK | 550 B |
URL: GET HTTP/2 1win-cdn.com/js/9726.f171d96f4.js
IP: 154.197.121.128:443; ASN: #328608 Africa-on-Cloud-AS
Requested by: https://1wynyj.win/casino/list?open=register&sub1=&sub2=9191
Certificate Issuer: Google Trust Services LLC; Subject: 1win-cdn.com; Fingerprint: 4D:C6:44:3C:1A:1A:11:DB:B7:6E:B5:A9:ED:81:CA:3D:DE:30:40:2A; Validity: Fri, 03 May 2024 12:22:54 GMT - Thu, 01 Aug 2024 12:22:53 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (584), with no line terminators
Hash: b0269d262b577b24e386d44e3a8a2515 0ae665ce9e9245ac8b29561292e7a208395ea49c 2182a2a1459e2e595fcf4081f7f3a428470038bbd21438c840af61d014ac55b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/9726.f171d96f4.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1wynyj.win/
Cookie: __cf_bm=usIT9wVFonfXpVT2yQtj1DyQ4Ve1Z4HvJjZBRnNFoi4-1715320446-1.0.1.1-dVyO6sRGEd98yDZKJzOBfdOOaC.0i9MADY.a6.p7Vyogl_s2.4HhPmh9SVNv1yxonoDA6F7VHJsMqnG3OjE8zg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 05:54:09 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 13:02:44 GMT
etag: W/"660d5374-226"
expires: Mon, 08 May 2034 05:54:09 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 820084
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ac499f30b50f-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|